Trust-Based Secure Workflow Path Construction

  • M. Altunay
  • D. Brown
  • G. Byrd
  • R. Dean
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3826)


Security and trust relationships between services significantly govern their willingness to collaborate and participate in a workflow. Existing workflow tools do not consider such relationships as an integral part of their planning logic: rather, they approach security as a run-time issue. We present a workflow management framework that fully integrates trust and security into the workflow planning logic. It considers not only trust relationships between the workflow requestor and individual services, but also trust relationships among the services themselves. It allows each service owner to define an upper layer of collaboration policies (rules that specify the terms under which participation in a workflow is allowed) and integrates them into the planning logic. Services that are unfit for collaboration due to security violations are replaced at the planning stage. This approach increases the services owners’ control over the workflow path, their willingness for collaboration, and avoids run-time security failures.


Trust Relationship Access Control Policy Execution Path Access Control Model Globus Toolkit 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Foster, I., Kesselman, C., Nick, J., Tuecke, S.: Open Grid Service Infrastructure WG, Global Grid Forum (2002)Google Scholar
  2. 2.
    Foster, I., Kesselman, C.: Globus: A Metacomputing Infrastructure Toolkit. Intl J. Supercomputer Applications 11(2), 115–128 (1997)CrossRefGoogle Scholar
  3. 3.
    Foster, I., Kesselman, C., Tuecke, S.: The Anatomy of the Grid: Enabling Scalable Virtual Organizations. Intl. J. Supercomputer Applications 15(3) (2001)Google Scholar
  4. 4.
    Sandhu, R.: Role-Based Access Control Models. IEEE Computer 29(2), 34–47 (1996)Google Scholar
  5. 5.
    Thomas, R.K., Sandhu, R.: Towards a Task-based Paradigm for Flexible and Adaptable Access Control in Distributed Applications. In: ACM SIGSAC New Security Paradigms Workshop, pp. 138–142 (1992-1993)Google Scholar
  6. 6.
    Blaze, M., Feigenbaum, J., Ioannadis, J., Keromytis, A.D.: The role of trust management in distributed systems security. In: Secure Internet Programming: the Security Issues for Mobile and Distributed Objects, pp. 185–210. Springer, Heidelberg (1999)Google Scholar
  7. 7.
    Raman, R., Livny, M., Solomon, M.: Matchmaking: Distributed Resource Management for High Throughput Computing. In: Seventh IEEE Intl. Symp. on High-Performance Distributed. Computing, HPDC (1998)Google Scholar
  8. 8.
    Czajkowski, K., et al.: Grid Information Services for Distributed Resource Sharing. In: 10th IEEE Intl. Symp. on High-Performance Distributed Computing, HPDC-10 (2001)Google Scholar
  9. 9.
    Atluri, V., Huang, W.-K.: An Authorization Model for Workflows. In: Fifth European Symp. on Research in Computer Security, pp. 44–64 (1996)Google Scholar
  10. 10.
    Knorr, K.: Dynamic access control through Petri net workflows. In: 16th Conf. on Computer Security Applications (ACSAC 2000), pp. 159–167 (2000)Google Scholar
  11. 11.
    Huang, W.-K., Atluri, V.: SecureFlow: A Secure Web-enabled Workflow Management System. In: 4th ACM Workshop on Role-based Access Control (1999)Google Scholar
  12. 12.
    Bertino, E., Ferrari, E., Atluri, V.: The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Trans. on Information and System Security 2(1), 65–104 (1999)CrossRefGoogle Scholar
  13. 13.
    Tan, K., Crampton, J., Gunter, C.A.: The Consistency of Task-Based Authorization Constraints in Workflow Systems. In: 17th IEEE Computer Security Foundations Workshop (CSFW 2004), pp. 155–169 (2004)Google Scholar
  14. 14.
    Hung, P.C.K., Karlapalem, K.: A secure Workflow Model. In: Australasian Information Security Workshop Conference, pp. 33–41 (2003)Google Scholar
  15. 15.
    Kang, M.H., Park, J.S., Froscher, J.N.: Access-Control Mechanisms for Inter Organizational Workflow. In: Sixth ACM Symp. on Access Control Models and Technologies, pp. 66–74 (2001)Google Scholar
  16. 16.
    Koshutanski, H., Massacci, V.: An Access Control Framework for Business Processes for Web Services. In: ACM Workshop on XML Security, pp. 15–24 (2003)Google Scholar
  17. 17.
    Kim, S.-H., Kim, J., Hong, S.-J., Kim, S.: Workflow-based Authorization Service in Grid. In: Fourth Intl. Workshop on Grid Computing (GRID 2003), pp. 94–100 (2003)Google Scholar
  18. 18.
    Deelman, E., Blythe, J., Gil, Y., Kesselman, C., Mehta, G., Patil, S., Su, M.-H., Vahi, K., Livny, M.: Pegasus: Mapping Scientific Workflow onto the Grid. In: Across Grids Conference, pp. 11–20 (2004)Google Scholar
  19. 19.
    Buyya, R., Abramson, D., Giddy, J.: Nimrod/G: An Architecture for a Resource Management and Scheduling System in a Global Computational Grid. In: Fourth Intl. Conference On High Performance Computing in Asia-Pacific Region (HPC ASIA 2000). vol. (1), pp. 283–289 (2000)Google Scholar
  20. 20.
    Cao, J., Jarvis, S.A., Saini, S., Nudd, G.R.: GridFlow: Workflow Management for Grid Computing. In: Third IEEE/ACM Intl. Symposium on Cluster Computing and the Grid (CCGRID 2003), pp. 198–205 (2003)Google Scholar
  21. 21.
    Standards for Privacy of Individually Identifiable Health Information (HPR). 45 CFR 164.C. Federal Register, 68(34), 8334–8381 (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • M. Altunay
    • 1
  • D. Brown
    • 1
  • G. Byrd
    • 1
  • R. Dean
    • 1
  1. 1.North Carolina State UniversityRaleighUSA

Personalised recommendations