SlideShare uma empresa Scribd logo

The Security Framework for Workflow Management Systems

Transferir como PPTX, PDF
Swanky Hsiao
Swanky Hsiao

2013-09-25@Department of Computer Science, University of Taipei Dr. Hsiao Yu-Cheng swanky.hsiao@gmail.com

Tecnologia
1 de 27
The Security Framework for Workflow management systems Dr. Hsiao Yu-Cheng swanky.hsiao@gmail.com Department of Computer Science and Information Engineering National Taiwan Normal University
Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 2
Introduction of Workflow Management Systems (WfMSs)  Definition:  Software systems that support coordination and cooperation among members of an organization whilst they perform complex business tasks.  Business tasks are modeled as workflow processes that are automated by the WfMS.  An activity is a logic step within a workflow, which includes the information about the starting and stopping conditions.  A person who participates in the execution of an activity is called a participant of that activity.  A workflow process instance represents a state of execution of a workflow process definition by the WfMS, and is usually controlled by the workflow engine. 3
Type of Engine-based WfMSs  Centralized WfMS  Focus on executing workflow processes within a single organization at one location in a single workflow engine.  Distributed WfMS  Establish multiple workflow engines  Balance the load among the workflow engines as the number of users increases.  Reduce the communication time between the participants in the activity and the workflow engines. 4
Centralized WfMS  A workflow process is executed by a single workflow engine that communicates with all of the participants in the activity. A1 A2 A3 A6A4 A5 Workflow engine Start of workflow End of workflow Activity Flow control edge Participant Workflow engine Process instance migration User communication 5
Distributed WfMS  Multiple workflow engines in different places.  Can be used to build up the cross-enterprise WfMS that controls the execution of cross-enterprise workflow processes. A1 A2 A3 A6A4 A5 Workflow engine 2 Workflow engine 3 Workflow engine 1 Start of workflow End of workflow Activity Flow control edge Participant Workflow engine Public network Public network Public network Process instance migration User communication 6
Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 7
Problems and Difficulties for Engine-based WfMS in the Cloud Security  Authentication  Refers to reliably verifying the identity of the task execution agents.  Confidentiality  Refers to unauthorized disclosure of information including the workflow specification, and the workflow instances during its execution.  Seems ok. 8
Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)  Security  Data integrity  Refers to the unauthorized modification of information, again including the workflow specification as well as the data manipulated during the execution of a workflow instance.  Nonrepudiation  Refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract.  Just guaranteed by SLA? 9
Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)  Scalability  Reasons for scalable WfMS in the Cloud  Participants are dynamically.  Multi-tenancy WfMS requirement.  How to store huge amount of process instances?  Traditional way:  Store and manage process instances in relational database.  What is the appropriate form of process instances? 10
Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)  Cross-Enterprise  Only when we can solve the security and scalability problem.  The process instances should guarantee nonrepudiation.  SLA seems not enough.  Other  Secured process instance migration  User control migration  Process instance replication in different clouds  User control replication 11
Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 12
Our Solution – DRA4WfMS  Document Routing Architecture for WfMS (DRA4WfMS)  Engine-less WfMS  Supports a purely distributed operational model without needing a workflow engine to act as a trusted centralized point of coordination.  XML-based document-routing system.  Security framework  Implements the main required security features such as authentication, confidentiality, data integrity, and nonrepudiation.  Applying element-wise encryption and a cascade-based method to embed digital signatures.  Dynamic security policy  Managing and controlling data accesses according to the dynamic behavior of workflow processes. 13
Operational Models of DRA4WfMS  Basic operational model  Only support authentication, confidentiality, data integrity, and nonrepudiation.  Advanced operational model  Also support workflow monitor. 14
Basic operational model of the DRA4WfMS 15 AEA (Activity Execution Agent) AEA AEA Start End Execution result of the activity Digital signature embedded by the workflow participant Workflow definition Digital signature embedded by the workflow designer Synchronous communication A1 A2 A3
Advanced operational model of the DRA4WfMS AEA AEA Start Execution result of the activity Digital signature embedded by the workflow participant Time stamp embedded by the timestamp server Workflow definition Digital signature embedded by the workflow designer (1) (2) TFC Server (Timestamp and Flow- Control Server) Synchronous communication Secured initial DRA4WfMS document TFC Server … A1 A2 16
Architecture and XML-based syntax of a DRA4WfMS document Header section Application definition section Unique process id Workflow definition section Security definition section A digital signature Activity execution result section 17 <?xml version="1.0"?> <DRA4WfMS:DRA4WfMS xmlns:DRA4WfMS="http://www.DRA4WfMS.org/2010"> <UID Id="X1"/> <APDefinition Id="X2"> <!--Workflow Definition section--> <WorkflowDefinition> <Participants>...</Participants> <Activities>...</Activities> <Transitions>...</Transitions> </WorkflowDefinition> <!--Security definition section--> <SecurityDefinition> <SignatureKeyIssuer C=".." S=".." L=".." O=".." OU=".." CN=".."/> <KeyDefinitions>...</KeyDefinitions> <AlgorithmDefinitions>...</AlgorithmDefinitions> <EncryptionDefinitions>...</EncryptionDefinitions> </SecurityDefinition> <Signature Id="Y"> ... </Signature > </APDefinition> <!--Activity execution result section--> <CERs> <CER Id="CER:Aid:Index"> ... </CER> ... </CERs> </DRA4WfMS:DRA4WfMS>
Process instance of DRA4WfMS  Each process instance contains the execution results of previous executed activities.  Guarantee nonrepudiation.  Element-wise encryption.  Self-protected  Without requiring an access-control server. 18
19 Applying DRA4WfMS in Cloud computing environment A1 download the document from portal servers AEA A1 (1) (2) (3) (4) (5) DRA4WfMS documents pool DRA4WfMS Cloud system Portal servers …… (6) AEA A2 Return the result document Stores it in the pool of DRA4WfMS documents
Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 20
Implementation  DRA4WfMS API  Implemented by the Java programming language.  Ready for download  http://www.csie.ntnu.edu.tw/~ghhwang/DRA4WfMS/DRA4WfMS_EXAMPLES.zip  DRA4WfMS cloud system in the HBase database of Apache Hadoop  Store process instance in HBase.  Provide the following operations:  Search DRA4WfMS documents  Retrieve a DRA4WfMS document  Store a DRA4WfMS document  Notify the subsequent participants  Perform workflow monitoring or statistical analyses 21
Two workflow processes for conducting experiments Start of workflow End of workflow Activity Connection edge Condition TFC Server A B1 B2 C D Accept Attachment is insufficient. (A) A B1 B2 C D Accept (B) Attachment is insufficient . AND- split AND- join AND- split AND- join Initial document Initial document 22
Result parameters for the workflow shown in Fig. A 23
Result parameters for the workflow shown in Fig. B : Time required to decrypt and verify signatures in the AEA and TFC server (in seconds) : Time required to encrypt and embed signatures in the AEA (in seconds) : Time required to encrypt and embed signatures in the TFC server (in seconds) : Size of the generated file (in bytes) 24
Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 25
Conclusion  We propose a secured WfMS for the cloud computing environment.  Document Routing Architecture for WfMS (DRA4WfMS)  Does not require a workflow engine to control the execution of activities  Avoid the security problems that may arise in engine-based distributed WfMSs.  Element-wise encryption and Cascade-based method of embedding digital signatures  Make DRA4WfMS document self-protected without requiring an access-control server.  Security requirements such as authentication, confidentiality, data integrity, and nonrepudiation do not need to rely on service-level agreements between users and cloud service providers.  Different enterprises or organizations can simultaneously use a single DRA4WfMS cloud system.  Easy to implement a cross-enterprise WfMS in the DRA4WfMS cloud system. 26
THANK YOU! 27

Recomendados

DevOps_SelfHealing
DevOps_SelfHealingDevOps_SelfHealing
DevOps_SelfHealingAtul Dhingra
 
Ch24
Ch24Ch24
Ch24Welly Dian Astika
 
A Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingA Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingIRJET Journal
 
Flevy.com - Feasibility Study Template for Electronic Software Distribution
Flevy.com - Feasibility Study Template for Electronic Software DistributionFlevy.com - Feasibility Study Template for Electronic Software Distribution
Flevy.com - Feasibility Study Template for Electronic Software DistributionDavid Tracy
 
An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014David J Rosenthal
 
Control Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateControl Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateGovCloud Network
 
Hpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admHpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admJeffrey Nunn
 
Monitoring Clusters and Load Balancers
Monitoring Clusters and Load BalancersMonitoring Clusters and Load Balancers
Monitoring Clusters and Load BalancersPrince JabaKumar
 

Recomendados

DevOps_SelfHealing
DevOps_SelfHealingDevOps_SelfHealing
DevOps_SelfHealingAtul Dhingra
 
Ch24
Ch24Ch24
Ch24Welly Dian Astika
 
A Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingA Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingIRJET Journal
 
Flevy.com - Feasibility Study Template for Electronic Software Distribution
Flevy.com - Feasibility Study Template for Electronic Software DistributionFlevy.com - Feasibility Study Template for Electronic Software Distribution
Flevy.com - Feasibility Study Template for Electronic Software DistributionDavid Tracy
 
An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014David J Rosenthal
 
Control Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateControl Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateGovCloud Network
 
Hpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admHpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admJeffrey Nunn
 
Monitoring Clusters and Load Balancers
Monitoring Clusters and Load BalancersMonitoring Clusters and Load Balancers
Monitoring Clusters and Load BalancersPrince JabaKumar
 
Installation
InstallationInstallation
InstallationChuan Ha Quang
 
24. Advanced Transaction Processing in DBMS
24. Advanced Transaction Processing in DBMS24. Advanced Transaction Processing in DBMS
24. Advanced Transaction Processing in DBMSkoolkampus
 
Resume 28th June 2016
Resume 28th June 2016Resume 28th June 2016
Resume 28th June 2016Pukhraj Paliwal
 
Availability Considerations for SQL Server
Availability Considerations for SQL ServerAvailability Considerations for SQL Server
Availability Considerations for SQL ServerBob Roudebush
 
Resume 23 Nov 2015
Resume 23 Nov 2015Resume 23 Nov 2015
Resume 23 Nov 2015Pukhraj Paliwal
 
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...VMworld
 
Xenapp deployment-blueprint
Xenapp deployment-blueprintXenapp deployment-blueprint
Xenapp deployment-blueprintKunKun Ng
 
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...ijgca
 
Sudheendra
SudheendraSudheendra
SudheendraSudheendra P
 
Urogynics do you exert and squirt
Urogynics do you exert and squirtUrogynics do you exert and squirt
Urogynics do you exert and squirtWomensHealthFan
 
Summary-ECSM_4edition
Summary-ECSM_4editionSummary-ECSM_4edition
Summary-ECSM_4editionRalf Braga
 
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...Phil Agcaoili
 
Campus jueves
Campus juevesCampus jueves
Campus juevescampus party
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?AlienVault
 
Information Technology (IT) Security Framework for Kenyan Small and Medium En...
Information Technology (IT) Security Framework for Kenyan Small and Medium En...Information Technology (IT) Security Framework for Kenyan Small and Medium En...
Information Technology (IT) Security Framework for Kenyan Small and Medium En...CSCJournals
 
Iso2700
Iso2700 Iso2700
Iso2700 madunix
 
схемы по политике кибербезопасности
схемы по политике кибербезопасностисхемы по политике кибербезопасности
схемы по политике кибербезопасностиDmitry Sanatov
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...PECB
 
2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework Raleigh ISSA
 
Data Center Security: Always a Main Concern for Businesses
Data Center Security: Always a Main Concern for BusinessesData Center Security: Always a Main Concern for Businesses
Data Center Security: Always a Main Concern for Businessescyrusone
 
Data Center Security
Data Center SecurityData Center Security
Data Center Securitydevalnaik
 

Mais conteúdo relacionado

Mais procurados

24. Advanced Transaction Processing in DBMS
24. Advanced Transaction Processing in DBMS24. Advanced Transaction Processing in DBMS
24. Advanced Transaction Processing in DBMSkoolkampus
 
Availability Considerations for SQL Server
Availability Considerations for SQL ServerAvailability Considerations for SQL Server
Availability Considerations for SQL ServerBob Roudebush
 
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...VMworld
 
Xenapp deployment-blueprint
Xenapp deployment-blueprintXenapp deployment-blueprint
Xenapp deployment-blueprintKunKun Ng
 
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...ijgca
 

Mais procurados (9)

Installation
InstallationInstallation
Installation
 
24. Advanced Transaction Processing in DBMS
24. Advanced Transaction Processing in DBMS24. Advanced Transaction Processing in DBMS
24. Advanced Transaction Processing in DBMS
 
Resume 28th June 2016
Resume 28th June 2016Resume 28th June 2016
Resume 28th June 2016
 
Availability Considerations for SQL Server
Availability Considerations for SQL ServerAvailability Considerations for SQL Server
Availability Considerations for SQL Server
 
Resume 23 Nov 2015
Resume 23 Nov 2015Resume 23 Nov 2015
Resume 23 Nov 2015
 
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
VMworld 2013: Moving Enterprise Application Dev/Test to VMware’s Internal Pri...
 
Xenapp deployment-blueprint
Xenapp deployment-blueprintXenapp deployment-blueprint
Xenapp deployment-blueprint
 
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
SERVICE LEVEL AGREEMENT BASED FAULT TOLERANT WORKLOAD SCHEDULING IN CLOUD COM...
 
Sudheendra
SudheendraSudheendra
Sudheendra
 

Destaque

Urogynics do you exert and squirt
Urogynics do you exert and squirtUrogynics do you exert and squirt
Urogynics do you exert and squirtWomensHealthFan
 
Summary-ECSM_4edition
Summary-ECSM_4editionSummary-ECSM_4edition
Summary-ECSM_4editionRalf Braga
 
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...Phil Agcaoili
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?AlienVault
 
Information Technology (IT) Security Framework for Kenyan Small and Medium En...
Information Technology (IT) Security Framework for Kenyan Small and Medium En...Information Technology (IT) Security Framework for Kenyan Small and Medium En...
Information Technology (IT) Security Framework for Kenyan Small and Medium En...CSCJournals
 
Iso2700
Iso2700 Iso2700
Iso2700 madunix
 
схемы по политике кибербезопасности
схемы по политике кибербезопасностисхемы по политике кибербезопасности
схемы по политике кибербезопасностиDmitry Sanatov
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...PECB
 
2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework Raleigh ISSA
 
Data Center Security: Always a Main Concern for Businesses
Data Center Security: Always a Main Concern for BusinessesData Center Security: Always a Main Concern for Businesses
Data Center Security: Always a Main Concern for Businessescyrusone
 
Data Center Security
Data Center SecurityData Center Security
Data Center Securitydevalnaik
 
Data Center Security
Data Center SecurityData Center Security
Data Center SecurityCisco Canada
 
Web Engagement Seminar Sparc: From WCM to WEM
Web Engagement Seminar Sparc: From WCM to WEMWeb Engagement Seminar Sparc: From WCM to WEM
Web Engagement Seminar Sparc: From WCM to WEMComma Group
 
Keynote EpiServer - seminar Content & Community-driven Commerce 20/03
Keynote EpiServer - seminar Content & Community-driven Commerce 20/03Keynote EpiServer - seminar Content & Community-driven Commerce 20/03
Keynote EpiServer - seminar Content & Community-driven Commerce 20/03Comma Group
 

Destaque (18)

Urogynics do you exert and squirt
Urogynics do you exert and squirtUrogynics do you exert and squirt
Urogynics do you exert and squirt
 
Summary-ECSM_4edition
Summary-ECSM_4editionSummary-ECSM_4edition
Summary-ECSM_4edition
 
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
Cloud Security Alliance, Atlanta Chapter Meeting Q1 2012 - SSAE16 SOC 1 2 3 I...
 
Campus jueves
Campus juevesCampus jueves
Campus jueves
 
Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?Whats New in OSSIM v2.2?
Whats New in OSSIM v2.2?
 
Information Technology (IT) Security Framework for Kenyan Small and Medium En...
Information Technology (IT) Security Framework for Kenyan Small and Medium En...Information Technology (IT) Security Framework for Kenyan Small and Medium En...
Information Technology (IT) Security Framework for Kenyan Small and Medium En...
 
Iso2700
Iso2700 Iso2700
Iso2700
 
схемы по политике кибербезопасности
схемы по политике кибербезопасностисхемы по политике кибербезопасности
схемы по политике кибербезопасности
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
 
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
 
2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework
 
Data Center Security: Always a Main Concern for Businesses
Data Center Security: Always a Main Concern for BusinessesData Center Security: Always a Main Concern for Businesses
Data Center Security: Always a Main Concern for Businesses
 
Data Center Security
Data Center SecurityData Center Security
Data Center Security
 
Data Center Security
Data Center SecurityData Center Security
Data Center Security
 
Paratextoo
ParatextooParatextoo
Paratextoo
 
Web Engagement Seminar Sparc: From WCM to WEM
Web Engagement Seminar Sparc: From WCM to WEMWeb Engagement Seminar Sparc: From WCM to WEM
Web Engagement Seminar Sparc: From WCM to WEM
 
Keynote EpiServer - seminar Content & Community-driven Commerce 20/03
Keynote EpiServer - seminar Content & Community-driven Commerce 20/03Keynote EpiServer - seminar Content & Community-driven Commerce 20/03
Keynote EpiServer - seminar Content & Community-driven Commerce 20/03
 
Ipv4 vs ipv6
Ipv4 vs ipv6Ipv4 vs ipv6
Ipv4 vs ipv6
 

Semelhante a The Security Framework for Workflow Management Systems

WS-VLAM workflow
WS-VLAM workflowWS-VLAM workflow
WS-VLAM workflowguest6295d0
 
Harbour IT & VMware - vForum 2010 Wrap
Harbour IT & VMware - vForum 2010 WrapHarbour IT & VMware - vForum 2010 Wrap
Harbour IT & VMware - vForum 2010 WrapHarbourIT
 
Distributed Services Scheduling and Cloud Provisioning
Distributed Services Scheduling and Cloud ProvisioningDistributed Services Scheduling and Cloud Provisioning
Distributed Services Scheduling and Cloud ProvisioningAr Agarwal
 
shivkumar pathak web based manufacturing presentation
shivkumar pathak web based manufacturing presentationshivkumar pathak web based manufacturing presentation
shivkumar pathak web based manufacturing presentationAkash Maurya
 
Microsoft Sync Framework (part 1) ABTO Software Lecture Garntsarik
Microsoft Sync Framework (part 1) ABTO Software Lecture GarntsarikMicrosoft Sync Framework (part 1) ABTO Software Lecture Garntsarik
Microsoft Sync Framework (part 1) ABTO Software Lecture GarntsarikABTO Software
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld
 
Accelerating Time-to-Value Through Hybrid Cloud Automation
Accelerating Time-to-Value Through Hybrid Cloud AutomationAccelerating Time-to-Value Through Hybrid Cloud Automation
Accelerating Time-to-Value Through Hybrid Cloud AutomationCognizant
 
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...InfoSeption
 
Security Operations
Security OperationsSecurity Operations
Security Operationsankitmehta21
 
Surekha_haoop_exp
Surekha_haoop_expSurekha_haoop_exp
Surekha_haoop_expsurekhakadi
 
MS Cloud Design Patterns Infographic 2015
MS Cloud Design Patterns Infographic 2015MS Cloud Design Patterns Infographic 2015
MS Cloud Design Patterns Infographic 2015James Tramel
 
Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015Kesavan Munuswamy
 
MVC Pattern. Flex implementation of MVC
MVC Pattern. Flex implementation of MVCMVC Pattern. Flex implementation of MVC
MVC Pattern. Flex implementation of MVCAnton Krasnoshchok
 
T3 Consortium's Performance Center of Excellence
T3 Consortium's Performance Center of ExcellenceT3 Consortium's Performance Center of Excellence
T3 Consortium's Performance Center of Excellenceveehikle
 
Providing user security guarantees
Providing user security guaranteesProviding user security guarantees
Providing user security guaranteesKamal Spring
 

Semelhante a The Security Framework for Workflow Management Systems (20)

WS-VLAM workflow
WS-VLAM workflowWS-VLAM workflow
WS-VLAM workflow
 
Harbour IT & VMware - vForum 2010 Wrap
Harbour IT & VMware - vForum 2010 WrapHarbour IT & VMware - vForum 2010 Wrap
Harbour IT & VMware - vForum 2010 Wrap
 
Distributed Services Scheduling and Cloud Provisioning
Distributed Services Scheduling and Cloud ProvisioningDistributed Services Scheduling and Cloud Provisioning
Distributed Services Scheduling and Cloud Provisioning
 
shivkumar pathak web based manufacturing presentation
shivkumar pathak web based manufacturing presentationshivkumar pathak web based manufacturing presentation
shivkumar pathak web based manufacturing presentation
 
Microsoft Sync Framework (part 1) ABTO Software Lecture Garntsarik
Microsoft Sync Framework (part 1) ABTO Software Lecture GarntsarikMicrosoft Sync Framework (part 1) ABTO Software Lecture Garntsarik
Microsoft Sync Framework (part 1) ABTO Software Lecture Garntsarik
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
 
PDC Highlights
PDC HighlightsPDC Highlights
PDC Highlights
 
Accelerating Time-to-Value Through Hybrid Cloud Automation
Accelerating Time-to-Value Through Hybrid Cloud AutomationAccelerating Time-to-Value Through Hybrid Cloud Automation
Accelerating Time-to-Value Through Hybrid Cloud Automation
 
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
 
Security Operations
Security OperationsSecurity Operations
Security Operations
 
Surekha_haoop_exp
Surekha_haoop_expSurekha_haoop_exp
Surekha_haoop_exp
 
MS Cloud Design Patterns Infographic 2015
MS Cloud Design Patterns Infographic 2015MS Cloud Design Patterns Infographic 2015
MS Cloud Design Patterns Infographic 2015
 
Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015
 
MVC Pattern. Flex implementation of MVC
MVC Pattern. Flex implementation of MVCMVC Pattern. Flex implementation of MVC
MVC Pattern. Flex implementation of MVC
 
Cloud monitoring overview
Cloud monitoring overviewCloud monitoring overview
Cloud monitoring overview
 
As4301234238
As4301234238As4301234238
As4301234238
 
T3 Consortium's Performance Center of Excellence
T3 Consortium's Performance Center of ExcellenceT3 Consortium's Performance Center of Excellence
T3 Consortium's Performance Center of Excellence
 
Cloud monitoring overview
Cloud monitoring overviewCloud monitoring overview
Cloud monitoring overview
 
Cloud security (domain6 10)
Cloud security (domain6 10)Cloud security (domain6 10)
Cloud security (domain6 10)
 
Providing user security guarantees
Providing user security guaranteesProviding user security guarantees
Providing user security guarantees
 

Último

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

Último (20)

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 

The Security Framework for Workflow Management Systems

  • 1. The Security Framework for Workflow management systems Dr. Hsiao Yu-Cheng swanky.hsiao@gmail.com Department of Computer Science and Information Engineering National Taiwan Normal University
  • 2. Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 2
  • 3. Introduction of Workflow Management Systems (WfMSs)  Definition:  Software systems that support coordination and cooperation among members of an organization whilst they perform complex business tasks.  Business tasks are modeled as workflow processes that are automated by the WfMS.  An activity is a logic step within a workflow, which includes the information about the starting and stopping conditions.  A person who participates in the execution of an activity is called a participant of that activity.  A workflow process instance represents a state of execution of a workflow process definition by the WfMS, and is usually controlled by the workflow engine. 3
  • 4. Type of Engine-based WfMSs  Centralized WfMS  Focus on executing workflow processes within a single organization at one location in a single workflow engine.  Distributed WfMS  Establish multiple workflow engines  Balance the load among the workflow engines as the number of users increases.  Reduce the communication time between the participants in the activity and the workflow engines. 4
  • 5. Centralized WfMS  A workflow process is executed by a single workflow engine that communicates with all of the participants in the activity. A1 A2 A3 A6A4 A5 Workflow engine Start of workflow End of workflow Activity Flow control edge Participant Workflow engine Process instance migration User communication 5
  • 6. Distributed WfMS  Multiple workflow engines in different places.  Can be used to build up the cross-enterprise WfMS that controls the execution of cross-enterprise workflow processes. A1 A2 A3 A6A4 A5 Workflow engine 2 Workflow engine 3 Workflow engine 1 Start of workflow End of workflow Activity Flow control edge Participant Workflow engine Public network Public network Public network Process instance migration User communication 6
  • 7. Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 7
  • 8. Problems and Difficulties for Engine-based WfMS in the Cloud Security  Authentication  Refers to reliably verifying the identity of the task execution agents.  Confidentiality  Refers to unauthorized disclosure of information including the workflow specification, and the workflow instances during its execution.  Seems ok. 8
  • 9. Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)  Security  Data integrity  Refers to the unauthorized modification of information, again including the workflow specification as well as the data manipulated during the execution of a workflow instance.  Nonrepudiation  Refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract.  Just guaranteed by SLA? 9
  • 10. Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)  Scalability  Reasons for scalable WfMS in the Cloud  Participants are dynamically.  Multi-tenancy WfMS requirement.  How to store huge amount of process instances?  Traditional way:  Store and manage process instances in relational database.  What is the appropriate form of process instances? 10
  • 11. Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)  Cross-Enterprise  Only when we can solve the security and scalability problem.  The process instances should guarantee nonrepudiation.  SLA seems not enough.  Other  Secured process instance migration  User control migration  Process instance replication in different clouds  User control replication 11
  • 12. Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 12
  • 13. Our Solution – DRA4WfMS  Document Routing Architecture for WfMS (DRA4WfMS)  Engine-less WfMS  Supports a purely distributed operational model without needing a workflow engine to act as a trusted centralized point of coordination.  XML-based document-routing system.  Security framework  Implements the main required security features such as authentication, confidentiality, data integrity, and nonrepudiation.  Applying element-wise encryption and a cascade-based method to embed digital signatures.  Dynamic security policy  Managing and controlling data accesses according to the dynamic behavior of workflow processes. 13
  • 14. Operational Models of DRA4WfMS  Basic operational model  Only support authentication, confidentiality, data integrity, and nonrepudiation.  Advanced operational model  Also support workflow monitor. 14
  • 15. Basic operational model of the DRA4WfMS 15 AEA (Activity Execution Agent) AEA AEA Start End Execution result of the activity Digital signature embedded by the workflow participant Workflow definition Digital signature embedded by the workflow designer Synchronous communication A1 A2 A3
  • 16. Advanced operational model of the DRA4WfMS AEA AEA Start Execution result of the activity Digital signature embedded by the workflow participant Time stamp embedded by the timestamp server Workflow definition Digital signature embedded by the workflow designer (1) (2) TFC Server (Timestamp and Flow- Control Server) Synchronous communication Secured initial DRA4WfMS document TFC Server … A1 A2 16
  • 17. Architecture and XML-based syntax of a DRA4WfMS document Header section Application definition section Unique process id Workflow definition section Security definition section A digital signature Activity execution result section 17 <?xml version="1.0"?> <DRA4WfMS:DRA4WfMS xmlns:DRA4WfMS="http://www.DRA4WfMS.org/2010"> <UID Id="X1"/> <APDefinition Id="X2"> <!--Workflow Definition section--> <WorkflowDefinition> <Participants>...</Participants> <Activities>...</Activities> <Transitions>...</Transitions> </WorkflowDefinition> <!--Security definition section--> <SecurityDefinition> <SignatureKeyIssuer C=".." S=".." L=".." O=".." OU=".." CN=".."/> <KeyDefinitions>...</KeyDefinitions> <AlgorithmDefinitions>...</AlgorithmDefinitions> <EncryptionDefinitions>...</EncryptionDefinitions> </SecurityDefinition> <Signature Id="Y"> ... </Signature > </APDefinition> <!--Activity execution result section--> <CERs> <CER Id="CER:Aid:Index"> ... </CER> ... </CERs> </DRA4WfMS:DRA4WfMS>
  • 18. Process instance of DRA4WfMS  Each process instance contains the execution results of previous executed activities.  Guarantee nonrepudiation.  Element-wise encryption.  Self-protected  Without requiring an access-control server. 18
  • 19. 19 Applying DRA4WfMS in Cloud computing environment A1 download the document from portal servers AEA A1 (1) (2) (3) (4) (5) DRA4WfMS documents pool DRA4WfMS Cloud system Portal servers …… (6) AEA A2 Return the result document Stores it in the pool of DRA4WfMS documents
  • 20. Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 20
  • 21. Implementation  DRA4WfMS API  Implemented by the Java programming language.  Ready for download  http://www.csie.ntnu.edu.tw/~ghhwang/DRA4WfMS/DRA4WfMS_EXAMPLES.zip  DRA4WfMS cloud system in the HBase database of Apache Hadoop  Store process instance in HBase.  Provide the following operations:  Search DRA4WfMS documents  Retrieve a DRA4WfMS document  Store a DRA4WfMS document  Notify the subsequent participants  Perform workflow monitoring or statistical analyses 21
  • 22. Two workflow processes for conducting experiments Start of workflow End of workflow Activity Connection edge Condition TFC Server A B1 B2 C D Accept Attachment is insufficient. (A) A B1 B2 C D Accept (B) Attachment is insufficient . AND- split AND- join AND- split AND- join Initial document Initial document 22
  • 23. Result parameters for the workflow shown in Fig. A 23
  • 24. Result parameters for the workflow shown in Fig. B : Time required to decrypt and verify signatures in the AEA and TFC server (in seconds) : Time required to encrypt and embed signatures in the AEA (in seconds) : Time required to encrypt and embed signatures in the TFC server (in seconds) : Size of the generated file (in bytes) 24
  • 25. Outlines Introduction of Workflow Management Systems (WfMSs) Challenges of WfMS in the Cloud Our Solution Implementation Conclusion 25
  • 26. Conclusion  We propose a secured WfMS for the cloud computing environment.  Document Routing Architecture for WfMS (DRA4WfMS)  Does not require a workflow engine to control the execution of activities  Avoid the security problems that may arise in engine-based distributed WfMSs.  Element-wise encryption and Cascade-based method of embedding digital signatures  Make DRA4WfMS document self-protected without requiring an access-control server.  Security requirements such as authentication, confidentiality, data integrity, and nonrepudiation do not need to rely on service-level agreements between users and cloud service providers.  Different enterprises or organizations can simultaneously use a single DRA4WfMS cloud system.  Easy to implement a cross-enterprise WfMS in the DRA4WfMS cloud system. 26