SlideShare una empresa de Scribd logo

The Security Framework for Workflow Management Systems

Descargar como PPTX, PDF
Swanky Hsiao
Swanky Hsiao

2013-09-25@Department of Computer Science, University of Taipei Dr. Hsiao Yu-Cheng swanky.hsiao@gmail.com

Tecnología
1 de 27
The Security Framework for Workflow management systems Dr. Hsiao Yu-Cheng swanky.hsiao@gmail.com Department of Computer Science and Information Engineering National Taiwan Normal University
Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 2
Introduction of Workflow Management Systems (WfMSs)  Definition:  Software systems that support coordination and cooperation among members of an organization whilst they perform complex business tasks.  Business tasks are modeled as workflow processes that are automated by the WfMS.  An activity is a logic step within a workflow, which includes the information about the starting and stopping conditions.  A person who participates in the execution of an activity is called a participant of that activity.  A workflow process instance represents a state of execution of a workflow process definition by the WfMS, and is usually controlled by the workflow engine. 3
Type of Engine-based WfMSs  Centralized WfMS  Focus on executing workflow processes within a single organization at one location in a single workflow engine.  Distributed WfMS  Establish multiple workflow engines  Balance the load among the workflow engines as the number of users increases.  Reduce the communication time between the participants in the activity and the workflow engines. 4
Centralized WfMS  A workflow process is executed by a single workflow engine that communicates with all of the participants in the activity. A1 A2 A3 A6A4 A5 Workflow engine Start of workflow End of workflow Activity Flow control edge Participant Workflow engine Process instance migration User communication 5
Distributed WfMS  Multiple workflow engines in different places.  Can be used to build up the cross-enterprise WfMS that controls the execution of cross-enterprise workflow processes. A1 A2 A3 A6A4 A5 Workflow engine 2 Workflow engine 3 Workflow engine 1 Start of workflow End of workflow Activity Flow control edge Participant Workflow engine Public network Public network Public network Process instance migration User communication 6
Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 7
Problems and Difficulties for Engine-based WfMS in the Cloud Security  Authentication  Refers to reliably verifying the identity of the task execution agents.  Confidentiality  Refers to unauthorized disclosure of information including the workflow specification, and the workflow instances during its execution.  Seems ok. 8
Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)  Security  Data integrity  Refers to the unauthorized modification of information, again including the workflow specification as well as the data manipulated during the execution of a workflow instance.  Nonrepudiation  Refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract.  Just guaranteed by SLA? 9
Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)  Scalability  Reasons for scalable WfMS in the Cloud  Participants are dynamically.  Multi-tenancy WfMS requirement.  How to store huge amount of process instances?  Traditional way:  Store and manage process instances in relational database.  What is the appropriate form of process instances? 10
Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)  Cross-Enterprise  Only when we can solve the security and scalability problem.  The process instances should guarantee nonrepudiation.  SLA seems not enough.  Other  Secured process instance migration  User control migration  Process instance replication in different clouds  User control replication 11
Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 12
Our Solution – DRA4WfMS  Document Routing Architecture for WfMS (DRA4WfMS)  Engine-less WfMS  Supports a purely distributed operational model without needing a workflow engine to act as a trusted centralized point of coordination.  XML-based document-routing system.  Security framework  Implements the main required security features such as authentication, confidentiality, data integrity, and nonrepudiation.  Applying element-wise encryption and a cascade-based method to embed digital signatures.  Dynamic security policy  Managing and controlling data accesses according to the dynamic behavior of workflow processes. 13
Operational Models of DRA4WfMS  Basic operational model  Only support authentication, confidentiality, data integrity, and nonrepudiation.  Advanced operational model  Also support workflow monitor. 14
Basic operational model of the DRA4WfMS 15 AEA (Activity Execution Agent) AEA AEA Start End Execution result of the activity Digital signature embedded by the workflow participant Workflow definition Digital signature embedded by the workflow designer Synchronous communication A1 A2 A3
Advanced operational model of the DRA4WfMS AEA AEA Start Execution result of the activity Digital signature embedded by the workflow participant Time stamp embedded by the timestamp server Workflow definition Digital signature embedded by the workflow designer (1) (2) TFC Server (Timestamp and Flow- Control Server) Synchronous communication Secured initial DRA4WfMS document TFC Server … A1 A2 16
Architecture and XML-based syntax of a DRA4WfMS document Header section Application definition section Unique process id Workflow definition section Security definition section A digital signature Activity execution result section 17 <?xml version="1.0"?> <DRA4WfMS:DRA4WfMS xmlns:DRA4WfMS="http://www.DRA4WfMS.org/2010"> <UID Id="X1"/> <APDefinition Id="X2"> <!--Workflow Definition section--> <WorkflowDefinition> <Participants>...</Participants> <Activities>...</Activities> <Transitions>...</Transitions> </WorkflowDefinition> <!--Security definition section--> <SecurityDefinition> <SignatureKeyIssuer C=".." S=".." L=".." O=".." OU=".." CN=".."/> <KeyDefinitions>...</KeyDefinitions> <AlgorithmDefinitions>...</AlgorithmDefinitions> <EncryptionDefinitions>...</EncryptionDefinitions> </SecurityDefinition> <Signature Id="Y"> ... </Signature > </APDefinition> <!--Activity execution result section--> <CERs> <CER Id="CER:Aid:Index"> ... </CER> ... </CERs> </DRA4WfMS:DRA4WfMS>
Process instance of DRA4WfMS  Each process instance contains the execution results of previous executed activities.  Guarantee nonrepudiation.  Element-wise encryption.  Self-protected  Without requiring an access-control server. 18
19 Applying DRA4WfMS in Cloud computing environment A1 download the document from portal servers AEA A1 (1) (2) (3) (4) (5) DRA4WfMS documents pool DRA4WfMS Cloud system Portal servers …… (6) AEA A2 Return the result document Stores it in the pool of DRA4WfMS documents
Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 20
Implementation  DRA4WfMS API  Implemented by the Java programming language.  Ready for download  http://www.csie.ntnu.edu.tw/~ghhwang/DRA4WfMS/DRA4WfMS_EXAMPLES.zip  DRA4WfMS cloud system in the HBase database of Apache Hadoop  Store process instance in HBase.  Provide the following operations:  Search DRA4WfMS documents  Retrieve a DRA4WfMS document  Store a DRA4WfMS document  Notify the subsequent participants  Perform workflow monitoring or statistical analyses 21
Two workflow processes for conducting experiments Start of workflow End of workflow Activity Connection edge Condition TFC Server A B1 B2 C D Accept Attachment is insufficient. (A) A B1 B2 C D Accept (B) Attachment is insufficient . AND- split AND- join AND- split AND- join Initial document Initial document 22
Result parameters for the workflow shown in Fig. A 23
Result parameters for the workflow shown in Fig. B : Time required to decrypt and verify signatures in the AEA and TFC server (in seconds) : Time required to encrypt and embed signatures in the AEA (in seconds) : Time required to encrypt and embed signatures in the TFC server (in seconds) : Size of the generated file (in bytes) 24
Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 25
Conclusion  We propose a secured WfMS for the cloud computing environment.  Document Routing Architecture for WfMS (DRA4WfMS)  Does not require a workflow engine to control the execution of activities  Avoid the security problems that may arise in engine-based distributed WfMSs.  Element-wise encryption and Cascade-based method of embedding digital signatures  Make DRA4WfMS document self-protected without requiring an access-control server.  Security requirements such as authentication, confidentiality, data integrity, and nonrepudiation do not need to rely on service-level agreements between users and cloud service providers.  Different enterprises or organizations can simultaneously use a single DRA4WfMS cloud system.  Easy to implement a cross-enterprise WfMS in the DRA4WfMS cloud system. 26
THANK YOU! 27

Recomendados

DevOps_SelfHealing
DevOps_SelfHealingDevOps_SelfHealing
DevOps_SelfHealingAtul Dhingra
 
Ch24
Ch24Ch24
Ch24Welly Dian Astika
 
A Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingA Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingIRJET Journal
 
Flevy.com - Feasibility Study Template for Electronic Software Distribution
Flevy.com - Feasibility Study Template for Electronic Software DistributionFlevy.com - Feasibility Study Template for Electronic Software Distribution
Flevy.com - Feasibility Study Template for Electronic Software DistributionDavid Tracy
 
An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014David J Rosenthal
 
Control Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateControl Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateGovCloud Network
 
Hpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admHpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admJeffrey Nunn
 
Monitoring Clusters and Load Balancers
Monitoring Clusters and Load BalancersMonitoring Clusters and Load Balancers
Monitoring Clusters and Load BalancersPrince JabaKumar
 

Recomendados

DevOps_SelfHealing
DevOps_SelfHealingDevOps_SelfHealing
DevOps_SelfHealingAtul Dhingra
 
Ch24
Ch24Ch24
Ch24Welly Dian Astika
 
A Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingA Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingIRJET Journal
 
Flevy.com - Feasibility Study Template for Electronic Software Distribution
Flevy.com - Feasibility Study Template for Electronic Software DistributionFlevy.com - Feasibility Study Template for Electronic Software Distribution
Flevy.com - Feasibility Study Template for Electronic Software DistributionDavid Tracy
 
An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014David J Rosenthal
 
Control Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateControl Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateGovCloud Network
 
Hpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admHpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admJeffrey Nunn
 
Monitoring Clusters and Load Balancers
Monitoring Clusters and Load BalancersMonitoring Clusters and Load Balancers
Monitoring Clusters and Load BalancersPrince JabaKumar
 
Installation
InstallationInstallation
InstallationChuan Ha Quang
 
24. Advanced Transaction Processing in DBMS
24. Advanced Transaction Processing in DBMS24. Advanced Transaction Processing in DBMS
24. Advanced Transaction Processing in DBMSkoolkampus
 
Resume 28th June 2016
Resume 28th June 2016Resume 28th June 2016
Resume 28th June 2016Pukhraj Paliwal
 
Availability Considerations for SQL Server
Availability Considerations for SQL ServerAvailability Considerations for SQL Server
Availability Considerations for SQL ServerBob Roudebush
 
Resume 23 Nov 2015
Resume 23 Nov 2015Resume 23 Nov 2015
Resume 23 Nov 2015Pukhraj Paliwal
 
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...VMworld
 
Xenapp deployment-blueprint
Xenapp deployment-blueprintXenapp deployment-blueprint
Xenapp deployment-blueprintKunKun Ng
 
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...ijgca
 
Sudheendra
SudheendraSudheendra
SudheendraSudheendra P
 
Urogynics do you exert and squirt
Urogynics do you exert and squirtUrogynics do you exert and squirt
Urogynics do you exert and squirtWomensHealthFan
 
Summary-ECSM_4edition
Summary-ECSM_4editionSummary-ECSM_4edition
Summary-ECSM_4editionRalf Braga
 
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...Phil Agcaoili
 
Campus jueves
Campus juevesCampus jueves
Campus juevescampus party
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?AlienVault
 
Information Technology (IT) Security Framework for Kenyan Small and Medium En...
Information Technology (IT) Security Framework for Kenyan Small and Medium En...Information Technology (IT) Security Framework for Kenyan Small and Medium En...
Information Technology (IT) Security Framework for Kenyan Small and Medium En...CSCJournals
 
Iso2700
Iso2700 Iso2700
Iso2700 madunix
 
схемы по политике кибербезопасности
схемы по политике кибербезопасностисхемы по политике кибербезопасности
схемы по политике кибербезопасностиDmitry Sanatov
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...PECB
 
2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework Raleigh ISSA
 
Data Center Security: Always a Main Concern for Businesses
Data Center Security: Always a Main Concern for BusinessesData Center Security: Always a Main Concern for Businesses
Data Center Security: Always a Main Concern for Businessescyrusone
 
Data Center Security
Data Center SecurityData Center Security
Data Center Securitydevalnaik
 

Más contenido relacionado

La actualidad más candente

24. Advanced Transaction Processing in DBMS
24. Advanced Transaction Processing in DBMS24. Advanced Transaction Processing in DBMS
24. Advanced Transaction Processing in DBMSkoolkampus
 
Availability Considerations for SQL Server
Availability Considerations for SQL ServerAvailability Considerations for SQL Server
Availability Considerations for SQL ServerBob Roudebush
 
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...VMworld
 
Xenapp deployment-blueprint
Xenapp deployment-blueprintXenapp deployment-blueprint
Xenapp deployment-blueprintKunKun Ng
 
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...ijgca
 

La actualidad más candente (9)

Installation
InstallationInstallation
Installation
 
24. Advanced Transaction Processing in DBMS
24. Advanced Transaction Processing in DBMS24. Advanced Transaction Processing in DBMS
24. Advanced Transaction Processing in DBMS
 
Resume 28th June 2016
Resume 28th June 2016Resume 28th June 2016
Resume 28th June 2016
 
Availability Considerations for SQL Server
Availability Considerations for SQL ServerAvailability Considerations for SQL Server
Availability Considerations for SQL Server
 
Resume 23 Nov 2015
Resume 23 Nov 2015Resume 23 Nov 2015
Resume 23 Nov 2015
 
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
 
Xenapp deployment-blueprint
Xenapp deployment-blueprintXenapp deployment-blueprint
Xenapp deployment-blueprint
 
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
 
Sudheendra
SudheendraSudheendra
Sudheendra
 

Destacado

Urogynics do you exert and squirt
Urogynics do you exert and squirtUrogynics do you exert and squirt
Urogynics do you exert and squirtWomensHealthFan
 
Summary-ECSM_4edition
Summary-ECSM_4editionSummary-ECSM_4edition
Summary-ECSM_4editionRalf Braga
 
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...Phil Agcaoili
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?AlienVault
 
Information Technology (IT) Security Framework for Kenyan Small and Medium En...
Information Technology (IT) Security Framework for Kenyan Small and Medium En...Information Technology (IT) Security Framework for Kenyan Small and Medium En...
Information Technology (IT) Security Framework for Kenyan Small and Medium En...CSCJournals
 
Iso2700
Iso2700 Iso2700
Iso2700 madunix
 
схемы по политике кибербезопасности
схемы по политике кибербезопасностисхемы по политике кибербезопасности
схемы по политике кибербезопасностиDmitry Sanatov
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...PECB
 
2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework Raleigh ISSA
 
Data Center Security: Always a Main Concern for Businesses
Data Center Security: Always a Main Concern for BusinessesData Center Security: Always a Main Concern for Businesses
Data Center Security: Always a Main Concern for Businessescyrusone
 
Data Center Security
Data Center SecurityData Center Security
Data Center Securitydevalnaik
 
Data Center Security
Data Center SecurityData Center Security
Data Center SecurityCisco Canada
 
Web Engagement Seminar Sparc: From WCM to WEM
Web Engagement Seminar Sparc: From WCM to WEMWeb Engagement Seminar Sparc: From WCM to WEM
Web Engagement Seminar Sparc: From WCM to WEMComma Group
 
Keynote EpiServer - seminar Content & Community-driven Commerce 20/03
Keynote EpiServer - seminar Content & Community-driven Commerce 20/03Keynote EpiServer - seminar Content & Community-driven Commerce 20/03
Keynote EpiServer - seminar Content & Community-driven Commerce 20/03Comma Group
 

Destacado (18)

Urogynics do you exert and squirt
Urogynics do you exert and squirtUrogynics do you exert and squirt
Urogynics do you exert and squirt
 
Summary-ECSM_4edition
Summary-ECSM_4editionSummary-ECSM_4edition
Summary-ECSM_4edition
 
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
 
Campus jueves
Campus juevesCampus jueves
Campus jueves
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?
 
Information Technology (IT) Security Framework for Kenyan Small and Medium En...
Information Technology (IT) Security Framework for Kenyan Small and Medium En...Information Technology (IT) Security Framework for Kenyan Small and Medium En...
Information Technology (IT) Security Framework for Kenyan Small and Medium En...
 
Iso2700
Iso2700 Iso2700
Iso2700
 
схемы по политике кибербезопасности
схемы по политике кибербезопасностисхемы по политике кибербезопасности
схемы по политике кибербезопасности
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
 
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
 
2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework
 
Data Center Security: Always a Main Concern for Businesses
Data Center Security: Always a Main Concern for BusinessesData Center Security: Always a Main Concern for Businesses
Data Center Security: Always a Main Concern for Businesses
 
Data Center Security
Data Center SecurityData Center Security
Data Center Security
 
Data Center Security
Data Center SecurityData Center Security
Data Center Security
 
Paratextoo
ParatextooParatextoo
Paratextoo
 
Web Engagement Seminar Sparc: From WCM to WEM
Web Engagement Seminar Sparc: From WCM to WEMWeb Engagement Seminar Sparc: From WCM to WEM
Web Engagement Seminar Sparc: From WCM to WEM
 
Keynote EpiServer - seminar Content & Community-driven Commerce 20/03
Keynote EpiServer - seminar Content & Community-driven Commerce 20/03Keynote EpiServer - seminar Content & Community-driven Commerce 20/03
Keynote EpiServer - seminar Content & Community-driven Commerce 20/03
 
Ipv4 vs ipv6
Ipv4 vs ipv6Ipv4 vs ipv6
Ipv4 vs ipv6
 

Similar a The Security Framework for Workflow Management Systems

WS-VLAM workflow
WS-VLAM workflowWS-VLAM workflow
WS-VLAM workflowguest6295d0
 
Harbour IT & VMware - vForum 2010 Wrap
Harbour IT & VMware - vForum 2010 WrapHarbour IT & VMware - vForum 2010 Wrap
Harbour IT & VMware - vForum 2010 WrapHarbourIT
 
Distributed Services Scheduling and Cloud Provisioning
Distributed Services Scheduling and Cloud ProvisioningDistributed Services Scheduling and Cloud Provisioning
Distributed Services Scheduling and Cloud ProvisioningAr Agarwal
 
shivkumar pathak web based manufacturing presentation
shivkumar pathak web based manufacturing presentationshivkumar pathak web based manufacturing presentation
shivkumar pathak web based manufacturing presentationAkash Maurya
 
Microsoft Sync Framework (part 1) ABTO Software Lecture Garntsarik
Microsoft Sync Framework (part 1) ABTO Software Lecture GarntsarikMicrosoft Sync Framework (part 1) ABTO Software Lecture Garntsarik
Microsoft Sync Framework (part 1) ABTO Software Lecture GarntsarikABTO Software
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld
 
Accelerating Time-to-Value Through Hybrid Cloud Automation
Accelerating Time-to-Value Through Hybrid Cloud AutomationAccelerating Time-to-Value Through Hybrid Cloud Automation
Accelerating Time-to-Value Through Hybrid Cloud AutomationCognizant
 
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...InfoSeption
 
Security Operations
Security OperationsSecurity Operations
Security Operationsankitmehta21
 
Surekha_haoop_exp
Surekha_haoop_expSurekha_haoop_exp
Surekha_haoop_expsurekhakadi
 
MS Cloud Design Patterns Infographic 2015
MS Cloud Design Patterns Infographic 2015MS Cloud Design Patterns Infographic 2015
MS Cloud Design Patterns Infographic 2015James Tramel
 
Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015Kesavan Munuswamy
 
MVC Pattern. Flex implementation of MVC
MVC Pattern. Flex implementation of MVCMVC Pattern. Flex implementation of MVC
MVC Pattern. Flex implementation of MVCAnton Krasnoshchok
 
T3 Consortium's Performance Center of Excellence
T3 Consortium's Performance Center of ExcellenceT3 Consortium's Performance Center of Excellence
T3 Consortium's Performance Center of Excellenceveehikle
 
Providing user security guarantees
Providing user security guaranteesProviding user security guarantees
Providing user security guaranteesKamal Spring
 

Similar a The Security Framework for Workflow Management Systems (20)

WS-VLAM workflow
WS-VLAM workflowWS-VLAM workflow
WS-VLAM workflow
 
Harbour IT & VMware - vForum 2010 Wrap
Harbour IT & VMware - vForum 2010 WrapHarbour IT & VMware - vForum 2010 Wrap
Harbour IT & VMware - vForum 2010 Wrap
 
Distributed Services Scheduling and Cloud Provisioning
Distributed Services Scheduling and Cloud ProvisioningDistributed Services Scheduling and Cloud Provisioning
Distributed Services Scheduling and Cloud Provisioning
 
shivkumar pathak web based manufacturing presentation
shivkumar pathak web based manufacturing presentationshivkumar pathak web based manufacturing presentation
shivkumar pathak web based manufacturing presentation
 
Microsoft Sync Framework (part 1) ABTO Software Lecture Garntsarik
Microsoft Sync Framework (part 1) ABTO Software Lecture GarntsarikMicrosoft Sync Framework (part 1) ABTO Software Lecture Garntsarik
Microsoft Sync Framework (part 1) ABTO Software Lecture Garntsarik
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
 
PDC Highlights
PDC HighlightsPDC Highlights
PDC Highlights
 
Accelerating Time-to-Value Through Hybrid Cloud Automation
Accelerating Time-to-Value Through Hybrid Cloud AutomationAccelerating Time-to-Value Through Hybrid Cloud Automation
Accelerating Time-to-Value Through Hybrid Cloud Automation
 
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
 
Security Operations
Security OperationsSecurity Operations
Security Operations
 
Surekha_haoop_exp
Surekha_haoop_expSurekha_haoop_exp
Surekha_haoop_exp
 
MS Cloud Design Patterns Infographic 2015
MS Cloud Design Patterns Infographic 2015MS Cloud Design Patterns Infographic 2015
MS Cloud Design Patterns Infographic 2015
 
Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015
 
MVC Pattern. Flex implementation of MVC
MVC Pattern. Flex implementation of MVCMVC Pattern. Flex implementation of MVC
MVC Pattern. Flex implementation of MVC
 
Cloud monitoring overview
Cloud monitoring overviewCloud monitoring overview
Cloud monitoring overview
 
As4301234238
As4301234238As4301234238
As4301234238
 
T3 Consortium's Performance Center of Excellence
T3 Consortium's Performance Center of ExcellenceT3 Consortium's Performance Center of Excellence
T3 Consortium's Performance Center of Excellence
 
Cloud monitoring overview
Cloud monitoring overviewCloud monitoring overview
Cloud monitoring overview
 
Cloud security (domain6 10)
Cloud security (domain6 10)Cloud security (domain6 10)
Cloud security (domain6 10)
 
Providing user security guarantees
Providing user security guaranteesProviding user security guarantees
Providing user security guarantees
 

Último

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Último (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

The Security Framework for Workflow Management Systems

  • 1. The Security Framework for Workflow management systems Dr. Hsiao Yu-Cheng swanky.hsiao@gmail.com Department of Computer Science and Information Engineering National Taiwan Normal University
  • 2. Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 2
  • 3. Introduction of Workflow Management Systems (WfMSs)  Definition:  Software systems that support coordination and cooperation among members of an organization whilst they perform complex business tasks.  Business tasks are modeled as workflow processes that are automated by the WfMS.  An activity is a logic step within a workflow, which includes the information about the starting and stopping conditions.  A person who participates in the execution of an activity is called a participant of that activity.  A workflow process instance represents a state of execution of a workflow process definition by the WfMS, and is usually controlled by the workflow engine. 3
  • 4. Type of Engine-based WfMSs  Centralized WfMS  Focus on executing workflow processes within a single organization at one location in a single workflow engine.  Distributed WfMS  Establish multiple workflow engines  Balance the load among the workflow engines as the number of users increases.  Reduce the communication time between the participants in the activity and the workflow engines. 4
  • 5. Centralized WfMS  A workflow process is executed by a single workflow engine that communicates with all of the participants in the activity. A1 A2 A3 A6A4 A5 Workflow engine Start of workflow End of workflow Activity Flow control edge Participant Workflow engine Process instance migration User communication 5
  • 6. Distributed WfMS  Multiple workflow engines in different places.  Can be used to build up the cross-enterprise WfMS that controls the execution of cross-enterprise workflow processes. A1 A2 A3 A6A4 A5 Workflow engine 2 Workflow engine 3 Workflow engine 1 Start of workflow End of workflow Activity Flow control edge Participant Workflow engine Public network Public network Public network Process instance migration User communication 6
  • 7. Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 7
  • 8. Problems and Difficulties for Engine-based WfMS in the Cloud Security  Authentication  Refers to reliably verifying the identity of the task execution agents.  Confidentiality  Refers to unauthorized disclosure of information including the workflow specification, and the workflow instances during its execution.  Seems ok. 8
  • 9. Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)  Security  Data integrity  Refers to the unauthorized modification of information, again including the workflow specification as well as the data manipulated during the execution of a workflow instance.  Nonrepudiation  Refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract.  Just guaranteed by SLA? 9
  • 10. Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)  Scalability  Reasons for scalable WfMS in the Cloud  Participants are dynamically.  Multi-tenancy WfMS requirement.  How to store huge amount of process instances?  Traditional way:  Store and manage process instances in relational database.  What is the appropriate form of process instances? 10
  • 11. Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)  Cross-Enterprise  Only when we can solve the security and scalability problem.  The process instances should guarantee nonrepudiation.  SLA seems not enough.  Other  Secured process instance migration  User control migration  Process instance replication in different clouds  User control replication 11
  • 12. Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 12
  • 13. Our Solution – DRA4WfMS  Document Routing Architecture for WfMS (DRA4WfMS)  Engine-less WfMS  Supports a purely distributed operational model without needing a workflow engine to act as a trusted centralized point of coordination.  XML-based document-routing system.  Security framework  Implements the main required security features such as authentication, confidentiality, data integrity, and nonrepudiation.  Applying element-wise encryption and a cascade-based method to embed digital signatures.  Dynamic security policy  Managing and controlling data accesses according to the dynamic behavior of workflow processes. 13
  • 14. Operational Models of DRA4WfMS  Basic operational model  Only support authentication, confidentiality, data integrity, and nonrepudiation.  Advanced operational model  Also support workflow monitor. 14
  • 15. Basic operational model of the DRA4WfMS 15 AEA (Activity Execution Agent) AEA AEA Start End Execution result of the activity Digital signature embedded by the workflow participant Workflow definition Digital signature embedded by the workflow designer Synchronous communication A1 A2 A3
  • 16. Advanced operational model of the DRA4WfMS AEA AEA Start Execution result of the activity Digital signature embedded by the workflow participant Time stamp embedded by the timestamp server Workflow definition Digital signature embedded by the workflow designer (1) (2) TFC Server (Timestamp and Flow- Control Server) Synchronous communication Secured initial DRA4WfMS document TFC Server … A1 A2 16
  • 17. Architecture and XML-based syntax of a DRA4WfMS document Header section Application definition section Unique process id Workflow definition section Security definition section A digital signature Activity execution result section 17 <?xml version="1.0"?> <DRA4WfMS:DRA4WfMS xmlns:DRA4WfMS="http://www.DRA4WfMS.org/2010"> <UID Id="X1"/> <APDefinition Id="X2"> <!--Workflow Definition section--> <WorkflowDefinition> <Participants>...</Participants> <Activities>...</Activities> <Transitions>...</Transitions> </WorkflowDefinition> <!--Security definition section--> <SecurityDefinition> <SignatureKeyIssuer C=".." S=".." L=".." O=".." OU=".." CN=".."/> <KeyDefinitions>...</KeyDefinitions> <AlgorithmDefinitions>...</AlgorithmDefinitions> <EncryptionDefinitions>...</EncryptionDefinitions> </SecurityDefinition> <Signature Id="Y"> ... </Signature > </APDefinition> <!--Activity execution result section--> <CERs> <CER Id="CER:Aid:Index"> ... </CER> ... </CERs> </DRA4WfMS:DRA4WfMS>
  • 18. Process instance of DRA4WfMS  Each process instance contains the execution results of previous executed activities.  Guarantee nonrepudiation.  Element-wise encryption.  Self-protected  Without requiring an access-control server. 18
  • 19. 19 Applying DRA4WfMS in Cloud computing environment A1 download the document from portal servers AEA A1 (1) (2) (3) (4) (5) DRA4WfMS documents pool DRA4WfMS Cloud system Portal servers …… (6) AEA A2 Return the result document Stores it in the pool of DRA4WfMS documents
  • 20. Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 20
  • 21. Implementation  DRA4WfMS API  Implemented by the Java programming language.  Ready for download  http://www.csie.ntnu.edu.tw/~ghhwang/DRA4WfMS/DRA4WfMS_EXAMPLES.zip  DRA4WfMS cloud system in the HBase database of Apache Hadoop  Store process instance in HBase.  Provide the following operations:  Search DRA4WfMS documents  Retrieve a DRA4WfMS document  Store a DRA4WfMS document  Notify the subsequent participants  Perform workflow monitoring or statistical analyses 21
  • 22. Two workflow processes for conducting experiments Start of workflow End of workflow Activity Connection edge Condition TFC Server A B1 B2 C D Accept Attachment is insufficient. (A) A B1 B2 C D Accept (B) Attachment is insufficient . AND- split AND- join AND- split AND- join Initial document Initial document 22
  • 23. Result parameters for the workflow shown in Fig. A 23
  • 24. Result parameters for the workflow shown in Fig. B : Time required to decrypt and verify signatures in the AEA and TFC server (in seconds) : Time required to encrypt and embed signatures in the AEA (in seconds) : Time required to encrypt and embed signatures in the TFC server (in seconds) : Size of the generated file (in bytes) 24
  • 25. Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 25
  • 26. Conclusion  We propose a secured WfMS for the cloud computing environment.  Document Routing Architecture for WfMS (DRA4WfMS)  Does not require a workflow engine to control the execution of activities  Avoid the security problems that may arise in engine-based distributed WfMSs.  Element-wise encryption and Cascade-based method of embedding digital signatures  Make DRA4WfMS document self-protected without requiring an access-control server.  Security requirements such as authentication, confidentiality, data integrity, and nonrepudiation do not need to rely on service-level agreements between users and cloud service providers.  Different enterprises or organizations can simultaneously use a single DRA4WfMS cloud system.  Easy to implement a cross-enterprise WfMS in the DRA4WfMS cloud system. 26