The Library
Modeling and analyzing the impact of authorization on workflow executions
Tools
He, Ligang, Huang, Chenlim, Duan, Kewei, Li, Kenli, Chen, Hao, Sun, Jianhua and Jarvis, Stephen A. (2012) Modeling and analyzing the impact of authorization on workflow executions. Future Generation Computer Systems, Volume 28 (Number 8). pp. 1177-1193. doi:10.1016/j.future.2012.03.003 ISSN 0167-739X.
Text
He-fgcs-inpress-2012.pdf - Published Version Embargoed item. Restricted access to Repository staff only Download (1178Kb) |
Official URL: http://dx.doi.org/10.1016/j.future.2012.03.003
Abstract
It has been a subject of a significant amount of research to automate the execution of workflows (or business processes) on computer resources. However, many workflow scenarios still require human involvement, which introduces additional security and authorization concerns. This paper presents a novel mechanism for modeling the execution of workflows with human involvement under Role-based Authorization Control. Our modeling approach applies Colored Timed Petri-Nets to allow various authorization constraints to be modeled, including role, temporal, cardinality, BoD (Binding of Duty), SoD (Separation of Duty), role hierarchy constraints etc. We also model the execution of tasks with different levels of human involvement and as such allow the interactions between workflow authorization and workflow execution to be captured. The modeling mechanism is developed in such a way that the construction of the authorization model for a workflow can be automated. This feature is very helpful for modeling large collections of authorization policies and/or complex workflows. A Petri-net toolkit, the CPN Tools, is utilized in the development of the modeling mechanism and to simulate the constructed models. This paper also presents the methods to analyze and calculate the authorization overhead as well as the performance data in terms of various metrics through the model simulations. Based on the simulation results, this paper further proposes the approaches to improving performance given the deployed authorization policies. This work can be used for investigating the impact of authorization, for capacity planning, for the design of workload management strategies, and also to estimate execution performance, when human resources and authorization policies are employed in tandem.
Item Type: | Journal Article | ||||
---|---|---|---|---|---|
Divisions: | Faculty of Science, Engineering and Medicine > Science > Computer Science | ||||
Journal or Publication Title: | Future Generation Computer Systems | ||||
Publisher: | Elsevier Science BV | ||||
ISSN: | 0167-739X | ||||
Official Date: | 2012 | ||||
Dates: |
|
||||
Volume: | Volume 28 | ||||
Number: | Number 8 | ||||
Page Range: | pp. 1177-1193 | ||||
DOI: | 10.1016/j.future.2012.03.003 | ||||
Status: | Peer Reviewed | ||||
Publication Status: | Published | ||||
Access rights to Published version: | Restricted or Subscription Access | ||||
Date of first compliant deposit: | 24 December 2015 |
Request changes or add full text files to a record
Repository staff actions (login required)
View Item |