Modeling and analyzing the impact of authorization on workflow executions

L He, C Huang, Kewei Duan, K Li, H Chen, J Sun, S A Jarvis

Research output: Contribution to journalArticle

12 Citations (Scopus)

Abstract

It has been a subject of a significant amount of research to automate the execution of workflows (or business processes) on computer resources. However, many workflow scenarios still require human involvement, which introduces additional security and authorization concerns. This paper presents a novel mechanism for modeling the execution of workflows with human involvement under Role-based Authorization Control. Our modeling approach applies Colored Timed Petri-Nets to allow various authorization constraints to be modeled, including role, temporal, cardinality, BoD (Binding of Duty), SoD (Separation of Duty), role hierarchy constraints etc. We also model the execution of tasks with different levels of human involvement and as such allow the interactions between workflow authorization and workflow execution to be captured. The modeling mechanism is developed in such a way that the construction of the authorization model for a workflow can be automated. This feature is very helpful for modeling large collections of authorization policies and/or complex workflows. A Petri-net toolkit, the CPN Tools, is utilized in the development of the modeling mechanism and to simulate the constructed models. This paper also presents the methods to analyze and calculate the authorization overhead as well as the performance data in terms of various metrics through the model simulations. Based on the simulation results, this paper further proposes the approaches to improving performance given the deployed authorization policies. This work can be used for investigating the impact of authorization, for capacity planning, for the design of workload management strategies, and also to estimate execution performance, when human resources and authorization policies are employed in tandem.
Original languageEnglish
Pages (from-to)1177-1193
JournalFuture Generation Computer Systems
Volume28
Issue number8
DOIs
Publication statusPublished - Oct 2012

Fingerprint

Petri nets
Personnel
Planning
Industry

Cite this

He, L., Huang, C., Duan, K., Li, K., Chen, H., Sun, J., & Jarvis, S. A. (2012). Modeling and analyzing the impact of authorization on workflow executions. Future Generation Computer Systems, 28(8), 1177-1193. https://doi.org/10.1016/j.future.2012.03.003

Modeling and analyzing the impact of authorization on workflow executions. / He, L; Huang, C; Duan, Kewei; Li, K; Chen, H; Sun, J; Jarvis, S A.

In: Future Generation Computer Systems, Vol. 28, No. 8, 10.2012, p. 1177-1193.

Research output: Contribution to journalArticle

He, L, Huang, C, Duan, K, Li, K, Chen, H, Sun, J & Jarvis, SA 2012, 'Modeling and analyzing the impact of authorization on workflow executions', Future Generation Computer Systems, vol. 28, no. 8, pp. 1177-1193. https://doi.org/10.1016/j.future.2012.03.003
He, L ; Huang, C ; Duan, Kewei ; Li, K ; Chen, H ; Sun, J ; Jarvis, S A. / Modeling and analyzing the impact of authorization on workflow executions. In: Future Generation Computer Systems. 2012 ; Vol. 28, No. 8. pp. 1177-1193.
@article{4934f0e62eb04eee961df9d844deeed0,
title = "Modeling and analyzing the impact of authorization on workflow executions",
abstract = "It has been a subject of a significant amount of research to automate the execution of workflows (or business processes) on computer resources. However, many workflow scenarios still require human involvement, which introduces additional security and authorization concerns. This paper presents a novel mechanism for modeling the execution of workflows with human involvement under Role-based Authorization Control. Our modeling approach applies Colored Timed Petri-Nets to allow various authorization constraints to be modeled, including role, temporal, cardinality, BoD (Binding of Duty), SoD (Separation of Duty), role hierarchy constraints etc. We also model the execution of tasks with different levels of human involvement and as such allow the interactions between workflow authorization and workflow execution to be captured. The modeling mechanism is developed in such a way that the construction of the authorization model for a workflow can be automated. This feature is very helpful for modeling large collections of authorization policies and/or complex workflows. A Petri-net toolkit, the CPN Tools, is utilized in the development of the modeling mechanism and to simulate the constructed models. This paper also presents the methods to analyze and calculate the authorization overhead as well as the performance data in terms of various metrics through the model simulations. Based on the simulation results, this paper further proposes the approaches to improving performance given the deployed authorization policies. This work can be used for investigating the impact of authorization, for capacity planning, for the design of workload management strategies, and also to estimate execution performance, when human resources and authorization policies are employed in tandem.",
author = "L He and C Huang and Kewei Duan and K Li and H Chen and J Sun and Jarvis, {S A}",
year = "2012",
month = "10",
doi = "10.1016/j.future.2012.03.003",
language = "English",
volume = "28",
pages = "1177--1193",
journal = "Future Generation Computer Systems",
issn = "0167-739X",
publisher = "Elsevier",
number = "8",

}

TY - JOUR

T1 - Modeling and analyzing the impact of authorization on workflow executions

AU - He, L

AU - Huang, C

AU - Duan, Kewei

AU - Li, K

AU - Chen, H

AU - Sun, J

AU - Jarvis, S A

PY - 2012/10

Y1 - 2012/10

N2 - It has been a subject of a significant amount of research to automate the execution of workflows (or business processes) on computer resources. However, many workflow scenarios still require human involvement, which introduces additional security and authorization concerns. This paper presents a novel mechanism for modeling the execution of workflows with human involvement under Role-based Authorization Control. Our modeling approach applies Colored Timed Petri-Nets to allow various authorization constraints to be modeled, including role, temporal, cardinality, BoD (Binding of Duty), SoD (Separation of Duty), role hierarchy constraints etc. We also model the execution of tasks with different levels of human involvement and as such allow the interactions between workflow authorization and workflow execution to be captured. The modeling mechanism is developed in such a way that the construction of the authorization model for a workflow can be automated. This feature is very helpful for modeling large collections of authorization policies and/or complex workflows. A Petri-net toolkit, the CPN Tools, is utilized in the development of the modeling mechanism and to simulate the constructed models. This paper also presents the methods to analyze and calculate the authorization overhead as well as the performance data in terms of various metrics through the model simulations. Based on the simulation results, this paper further proposes the approaches to improving performance given the deployed authorization policies. This work can be used for investigating the impact of authorization, for capacity planning, for the design of workload management strategies, and also to estimate execution performance, when human resources and authorization policies are employed in tandem.

AB - It has been a subject of a significant amount of research to automate the execution of workflows (or business processes) on computer resources. However, many workflow scenarios still require human involvement, which introduces additional security and authorization concerns. This paper presents a novel mechanism for modeling the execution of workflows with human involvement under Role-based Authorization Control. Our modeling approach applies Colored Timed Petri-Nets to allow various authorization constraints to be modeled, including role, temporal, cardinality, BoD (Binding of Duty), SoD (Separation of Duty), role hierarchy constraints etc. We also model the execution of tasks with different levels of human involvement and as such allow the interactions between workflow authorization and workflow execution to be captured. The modeling mechanism is developed in such a way that the construction of the authorization model for a workflow can be automated. This feature is very helpful for modeling large collections of authorization policies and/or complex workflows. A Petri-net toolkit, the CPN Tools, is utilized in the development of the modeling mechanism and to simulate the constructed models. This paper also presents the methods to analyze and calculate the authorization overhead as well as the performance data in terms of various metrics through the model simulations. Based on the simulation results, this paper further proposes the approaches to improving performance given the deployed authorization policies. This work can be used for investigating the impact of authorization, for capacity planning, for the design of workload management strategies, and also to estimate execution performance, when human resources and authorization policies are employed in tandem.

UR - http://www.scopus.com/inward/record.url?scp=84862175102&partnerID=8YFLogxK

UR - http://dx.doi.org/10.1016/j.future.2012.03.003

U2 - 10.1016/j.future.2012.03.003

DO - 10.1016/j.future.2012.03.003

M3 - Article

VL - 28

SP - 1177

EP - 1193

JO - Future Generation Computer Systems

JF - Future Generation Computer Systems

SN - 0167-739X

IS - 8

ER -