Abstract
Scientific workflows are composed of different services to support scientific experiments. Often such services are provided by different organizations that can have their own autonomous access control policies. Workflows are often shared and repurposed with the same and/or different datasets to repeat scientific experiments, therefore, different users can require different privileges to access different services to execute (enact) a given workflow. It can be the case that a given user may not have sufficient privileges to access some of the services of the workflow. As such, it needs to be ascertained whether a user (or enactment engine acting on behalf of a user) with a given set of security credentials should be allowed to enact a workflow and whether this will lead to runtime failure of the workflow. Ideally it should be determined a priori whether a path exists from the root node of the workflow graph to the leaf node, i.e. that it is possible for the workflow to be fully executable or partially executable on the basis of the available credentials of the user. This paper presents an algorithm and its realization that exploits existing workflow patterns to determine the structural path of the workflow whilst checking the availability of credentials at different service points in the workflow path.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Bowers, S., Ludascher, B., Ngu, A.H.H., Critchlow, T.: Enabling scientific workflow reuse through structured composition of dataflow and control-flow. In: Proceedings of 22nd International Conference on Data Engineering Workshops, 2006, pp. 70–70 (2006)
Van Der Aalst, W.M.P., Ter Hofstede, A.H.M., Kiepuszewski, B., Barros, A.P.: Workflow patterns. Distrib. Parallel Databases 14(1), 5–511 (2003)
Ter Hofstede, A.H.M., Van Der Aalst, W.M.: YAWL: yet another workflow language. Inf. Syst. 30(4), 245–275 (2005)
Jordan, D., Evdemon, J., Alves, A., Arkin, A., Askary, S., Barreto, C., Bloch, B., et al.: Web services business process execution language version 2.0, OASIS Standard 11 (2007)
Fahringer, T., et al.: Askalon: a development and grid computing environment for scientific workflows. In: Taylor, I.J., Deelman, E., Gannon, D.B., Shields, M. (eds.) Workflows for e-Science, pp. 450–471. Springer, London (2007)
Taylor, I.J., Deelman, E., Gannon, D.B.: Workflows for e-Science: scientific workflows for grids (2006)
Johnson, D.B.: A note on Dijkstra’s shortest path algorithm. J. ACM (JACM) 20(3), 385–388 (1973)
Goldberg, A.V., Harrelson, C.: Computing the shortest path: a search meets graph theory. In: Proceedings of the Sixteenth Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 156–165 (2005)
Xu, M., Cui, L., Wang, H., Bi, Y., Bian, J.: A data-intensive workflow scheduling algorithm for grid computing. In: ChinaGrid Annual Conference, 2009, ChinaGrid 2009, pp. 110–115 (2009)
Ludäscher, B., Lin, K., Bowers, S., Jaeger-Frank, E., Brodaric, B., Baru, C.: Managing scientific data: from data integration to scientific workflows. Geoinform. Data Knowl. 109 (2006)
Migliorini, S., Gambini, M., La Rosa, M., Ter Hofstede, A.H.M.: Pattern-based evaluation of scientific workflow management systems (2011)
Sadiq, W., Orlowska, M.E.: Applying graph reduction techniques for identifying structural conflicts in process models. In: Jarke, M., Oberweis, A. (eds.) CAiSE 1999. LNCS, vol. 1626, pp. 195–209. Springer, Heidelberg (1999). doi:10.1007/3-540-48738-7_15
Sadiq, W., Orlowska, M.E.: Analyzing process models using graph reduction techniques. Inf. Syst. 25(2), 117–134 (2000)
Eder, J., Gruber, W., Pichler, H.: Transforming workflow graphs. In: Proceedings of the First International Conference on Interoperability of Enterprise Software and Applications (INTEROP-ESA 2005) (2005)
Vanhatalo, J., Völzer, H., Leymann, F., Moser, S.: Automatic workflow graph refactoring and completion. In: Bouguettaya, A., Krueger, I., Margaria, T. (eds.) ICSOC 2008. LNCS, vol. 5364, pp. 100–115. Springer, Heidelberg (2008). doi:10.1007/978-3-540-89652-4_11
Chang, D.-H., Son, J.H., Kim, M.H.: Critical path identification in the context of a workflow. Inf. Softw. Technol. 44(7), 405–417 (2002)
Altunay, M., Brown, D., Byrd, G., Dean, R.: Trust-based secure workflow path construction. In: Benatallah, B., Casati, F., Traverso, P. (eds.) ICSOC 2005. LNCS, vol. 3826, pp. 382–395. Springer, Heidelberg (2005). doi:10.1007/11596141_29
Wimmer, M., Albutiu, M.-C., Kemper, A.: Optimized workflow authorization in service oriented architectures. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 30–44. Springer, Heidelberg (2006). doi:10.1007/11766155_3
Wong, P.Y.H., Gibbons, J.: A process-algebraic approach to workflow specification and refinement. In: Lumpe, M., Vanderperren, W. (eds.) SC 2007. LNCS, vol. 4829, pp. 51–65. Springer, Heidelberg (2007). doi:10.1007/978-3-540-77351-1_5
Li, P., Castrillo, J.I., Velarde, G., Wassink, I., Soiland-Reyes, S., Owen, S., Withers, D., et al.: Performing statistical analyses on quantitative data in Taverna workflows: an example using R and maxdBrowse to identify differentially-expressed genes from microarray data. BMC Bioinformatics 9(1), 334 (2008)
Tan, K.L.L., Turner, K.J.: Orchestrating grid services using BPEL and Globus Toolkit 4. In: 7th PGNet Symposium (2006)
Dornemann, T., Smith, M., Freisleben, B.: Composition and execution of secure workflows in wsrf-grids. In: 8th IEEE International Symposium on Cluster Computing and the Grid, 2008, CCGRID 2008, pp. 122–129 (2008)
Sinnott, R.O., Hussain, S.: Security-oriented workflows for the social sciences. In: 2010 4th International Conference on Network and System Security (NSS), pp. 152–159 (2010)
Sinnott, R.O., Hussain, S.: Architectural design patterns for security-oriented workflows in the social science domain. In: Conference on e-Social Science, Cologne, Germany, 24–26 June 2009 (2009)
Hussain, S., Sinnott, R.O., Poet, R.: A security-oriented workflow framework for collaborative environments. In: IEEE 15th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2016 (2016, in press)
Hussain, S., Sinnott, R.O., Poet, R.: Security-enabled enactment of decentralized workflows. In: ACM 9th International Conference on Security of Information and Networks, 2016 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Hussain, S., Sinnott, R.O., Poet, R. (2016). Service-Oriented Workflow Executability from a Security Perspective. In: Wang, G., Ray, I., Alcaraz Calero, J., Thampi, S. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2016. Lecture Notes in Computer Science(), vol 10066. Springer, Cham. https://doi.org/10.1007/978-3-319-49148-6_30
Download citation
DOI: https://doi.org/10.1007/978-3-319-49148-6_30
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49147-9
Online ISBN: 978-3-319-49148-6
eBook Packages: Computer ScienceComputer Science (R0)