Modelling workflow executions under role-based authorisation control

Ligang He, Kewei Duan, Xueguang Chen, Deqing Zou, Zongfen Han, Ali Fadavinia, Stephen A Jarvis

Research output: Chapter in Book/Report/Conference proceedingChapter

4 Citations (Scopus)

Abstract

Workflows are often used to represent enterprise-type activities, and authorisation control is an important security consideration in enterprise-level applications. Role-Based Access Control (RBAC) is a popular authorisation control scheme under which users are assigned to certain roles, and the roles are associated with permissions. This paper presents a novel mechanism for modelling workflow execution in cluster-based resource pools under Role-Based Access Control (RBAC) schemes. Our modelling approach uses Coloured Timed Petri-Nets, and various authorisation constraints are modelled, including role constraints, temporal constraints, cardinality constraints, Binding of Duty and Separation of Duty constraints, etc. The interactions between workflow authorisation and workflow execution are also captured in the model. In this paper, the modelling mechanism is developed in such a fashion that the construction of the authorisation model for a workflow can be automated. This feature is very helpful in modelling a large collection of authorisation policies or complex workflows. A Petri-net simulation tool, the CPN-Tool, is utilised to implement the developed modelling mechanism and simulate the constructed model. Both system-level performance (e.g., utilisation of resource pools) and application-level performance (e.g., workflow response time) can be obtained from model simulations. This work can be used to plan system capacity and investigate the impact of authorization policies on system and application performance.
Original languageEnglish
Title of host publicationProceedings - 2011 IEEE International Conference on Services Computing, SCC 2011
Place of PublicationPiscataway, NJ
PublisherIEEE
Pages200-208
Number of pages9
ISBN (Print)978-1-4577-0863-3
DOIs
Publication statusPublished - Jul 2011
Event2011 IEEE International Conference on Services Computing - Washington, USA United States
Duration: 4 Jul 20119 Jul 2011

Conference

Conference2011 IEEE International Conference on Services Computing
Abbreviated titleSCC 2011
CountryUSA United States
CityWashington
Period4/07/119/07/11

Fingerprint

Petri nets
Access control
Industry

Cite this

He, L., Duan, K., Chen, X., Zou, D., Han, Z., Fadavinia, A., & Jarvis, S. A. (2011). Modelling workflow executions under role-based authorisation control. In Proceedings - 2011 IEEE International Conference on Services Computing, SCC 2011 (pp. 200-208). [6009262] Piscataway, NJ: IEEE. https://doi.org/10.1109/SCC.2011.56

Modelling workflow executions under role-based authorisation control. / He, Ligang; Duan, Kewei; Chen, Xueguang; Zou, Deqing; Han, Zongfen; Fadavinia, Ali; Jarvis, Stephen A.

Proceedings - 2011 IEEE International Conference on Services Computing, SCC 2011. Piscataway, NJ : IEEE, 2011. p. 200-208 6009262.

Research output: Chapter in Book/Report/Conference proceedingChapter

He, L, Duan, K, Chen, X, Zou, D, Han, Z, Fadavinia, A & Jarvis, SA 2011, Modelling workflow executions under role-based authorisation control. in Proceedings - 2011 IEEE International Conference on Services Computing, SCC 2011., 6009262, IEEE, Piscataway, NJ, pp. 200-208, 2011 IEEE International Conference on Services Computing, Washington, USA United States, 4/07/11. https://doi.org/10.1109/SCC.2011.56
He L, Duan K, Chen X, Zou D, Han Z, Fadavinia A et al. Modelling workflow executions under role-based authorisation control. In Proceedings - 2011 IEEE International Conference on Services Computing, SCC 2011. Piscataway, NJ: IEEE. 2011. p. 200-208. 6009262 https://doi.org/10.1109/SCC.2011.56
He, Ligang ; Duan, Kewei ; Chen, Xueguang ; Zou, Deqing ; Han, Zongfen ; Fadavinia, Ali ; Jarvis, Stephen A. / Modelling workflow executions under role-based authorisation control. Proceedings - 2011 IEEE International Conference on Services Computing, SCC 2011. Piscataway, NJ : IEEE, 2011. pp. 200-208
@inbook{80d2bed8face472d8f8b8dd8f3d50d85,
title = "Modelling workflow executions under role-based authorisation control",
abstract = "Workflows are often used to represent enterprise-type activities, and authorisation control is an important security consideration in enterprise-level applications. Role-Based Access Control (RBAC) is a popular authorisation control scheme under which users are assigned to certain roles, and the roles are associated with permissions. This paper presents a novel mechanism for modelling workflow execution in cluster-based resource pools under Role-Based Access Control (RBAC) schemes. Our modelling approach uses Coloured Timed Petri-Nets, and various authorisation constraints are modelled, including role constraints, temporal constraints, cardinality constraints, Binding of Duty and Separation of Duty constraints, etc. The interactions between workflow authorisation and workflow execution are also captured in the model. In this paper, the modelling mechanism is developed in such a fashion that the construction of the authorisation model for a workflow can be automated. This feature is very helpful in modelling a large collection of authorisation policies or complex workflows. A Petri-net simulation tool, the CPN-Tool, is utilised to implement the developed modelling mechanism and simulate the constructed model. Both system-level performance (e.g., utilisation of resource pools) and application-level performance (e.g., workflow response time) can be obtained from model simulations. This work can be used to plan system capacity and investigate the impact of authorization policies on system and application performance.",
author = "Ligang He and Kewei Duan and Xueguang Chen and Deqing Zou and Zongfen Han and Ali Fadavinia and Jarvis, {Stephen A}",
year = "2011",
month = "7",
doi = "10.1109/SCC.2011.56",
language = "English",
isbn = "978-1-4577-0863-3",
pages = "200--208",
booktitle = "Proceedings - 2011 IEEE International Conference on Services Computing, SCC 2011",
publisher = "IEEE",
address = "USA United States",

}

TY - CHAP

T1 - Modelling workflow executions under role-based authorisation control

AU - He, Ligang

AU - Duan, Kewei

AU - Chen, Xueguang

AU - Zou, Deqing

AU - Han, Zongfen

AU - Fadavinia, Ali

AU - Jarvis, Stephen A

PY - 2011/7

Y1 - 2011/7

N2 - Workflows are often used to represent enterprise-type activities, and authorisation control is an important security consideration in enterprise-level applications. Role-Based Access Control (RBAC) is a popular authorisation control scheme under which users are assigned to certain roles, and the roles are associated with permissions. This paper presents a novel mechanism for modelling workflow execution in cluster-based resource pools under Role-Based Access Control (RBAC) schemes. Our modelling approach uses Coloured Timed Petri-Nets, and various authorisation constraints are modelled, including role constraints, temporal constraints, cardinality constraints, Binding of Duty and Separation of Duty constraints, etc. The interactions between workflow authorisation and workflow execution are also captured in the model. In this paper, the modelling mechanism is developed in such a fashion that the construction of the authorisation model for a workflow can be automated. This feature is very helpful in modelling a large collection of authorisation policies or complex workflows. A Petri-net simulation tool, the CPN-Tool, is utilised to implement the developed modelling mechanism and simulate the constructed model. Both system-level performance (e.g., utilisation of resource pools) and application-level performance (e.g., workflow response time) can be obtained from model simulations. This work can be used to plan system capacity and investigate the impact of authorization policies on system and application performance.

AB - Workflows are often used to represent enterprise-type activities, and authorisation control is an important security consideration in enterprise-level applications. Role-Based Access Control (RBAC) is a popular authorisation control scheme under which users are assigned to certain roles, and the roles are associated with permissions. This paper presents a novel mechanism for modelling workflow execution in cluster-based resource pools under Role-Based Access Control (RBAC) schemes. Our modelling approach uses Coloured Timed Petri-Nets, and various authorisation constraints are modelled, including role constraints, temporal constraints, cardinality constraints, Binding of Duty and Separation of Duty constraints, etc. The interactions between workflow authorisation and workflow execution are also captured in the model. In this paper, the modelling mechanism is developed in such a fashion that the construction of the authorisation model for a workflow can be automated. This feature is very helpful in modelling a large collection of authorisation policies or complex workflows. A Petri-net simulation tool, the CPN-Tool, is utilised to implement the developed modelling mechanism and simulate the constructed model. Both system-level performance (e.g., utilisation of resource pools) and application-level performance (e.g., workflow response time) can be obtained from model simulations. This work can be used to plan system capacity and investigate the impact of authorization policies on system and application performance.

UR - http://dx.doi.org/10.1109/SCC.2011.56

U2 - 10.1109/SCC.2011.56

DO - 10.1109/SCC.2011.56

M3 - Chapter

SN - 978-1-4577-0863-3

SP - 200

EP - 208

BT - Proceedings - 2011 IEEE International Conference on Services Computing, SCC 2011

PB - IEEE

CY - Piscataway, NJ

ER -