Abstract
The execution of business processes in the decentralized setting raises security requirements due to the lack of a dedicated infrastructure in charge of management and control tasks. Basic security features including compliance of the overall sequence of workflow operations with the pre-defined workflow execution plan or traceability become critical issues that are yet to be addressed. In this paper, we suggest new security mechanisms capitalizing on onion encryption and group encryption techniques in order to assure the integrity of the distributed execution of workflows and to manage traceability with respect to sensitive workflow instances. We carry out an in depth analysis of the security properties offered by these mechanisms. Our solution can easily be integrated into distributed workflow management systems as its design is strongly coupled with the runtime specification of decentralized workflows.
This work has been partially sponsored by EU IST Directorate General as a part of FP6 IST project R4eGov and by SAP Labs France S.A.S.
Chapter PDF
Similar content being viewed by others
References
Barbara, D., Mehrotra, S., Rusinkiewicz, M.: Incas: Managing dynamic workflows in distributed environments. Journal of Database Management 7(1) (1996)
Cichocki, A., Rusinkiewicz, M.: Providing transactional properties for migrating workflows. Mob. Netw. Appl. 9(5), 473–480 (2004)
Montagut, F., Molva, R.: Enabling pervasive execution of workflows. In: Proceedings of the 1st IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, CollaborateCom, IEEE Computer Society Press, Los Alamitos (2005)
Atluri, V., Chun, S.A., Mazzoleni, P.: A chinese wall security model for decentralized workflow systems. In: CCS 2001: Proceedings of the 8th ACM conference on Computer and Communications Security, pp. 48–57. ACM Press, New York (2001)
Chou, S.C., Liu, A.F., Wu, C.J.: Preventing information leakage within workflows that execute among competing organizations. J. Syst. Softw. 75(1-2), 109–123 (2005)
Kang, M.H., Park, J.S., Froscher, J.N.: Access control mechanisms for inter-organizational workflow. In: SACMAT 2001: Proceedings of the sixth ACM symposium on Access control models and technologies, pp. 66–74. ACM Press, New York (2001)
Montagut, F., Molva, R.: Enforcing integrity of execution in distributed workflow management systems. In: SCC 2007. 2007 International Conference on Services Computing, Salt Lake City, USA, July 9-13, 2007 (2007)
Syverson, P.F., Goldschlag, D.M., Reed, M.G.: Anonymous connections and onion routing. In: IEEE Symposium on Security and Privacy, USA, pp. 44–54. IEEE Computer Society Press, Los Alamitos (1997)
Bagga, W., Molva, R.: Policy-based cryptography and applications. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, Springer, Heidelberg (2005)
Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A practical and provably secure coalition-resistant group signature scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 255–271. Springer, Heidelberg (2000)
Boneh, D., Franklin, M.K.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
Paterson, K.: Id-based signatures from pairings on elliptic curves. Electronics Letters 38(18), 1025–1026 (2002)
Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65–104 (1999)
Hung, P.C.K., Karlapalem, K.: A secure workflow model. In: ACSW Frontiers 2003. Proceedings of the Australasian information security workshop conference on ACSW frontiers, pp. 33–41 (2003)
Brewer, D.F.C., Nash, M.J.: The chinese wall security policy. In: IEEE Symposium on Security and Privacy, pp. 206–214. IEEE Computer Society Press, Los Alamitos (1989)
Kong, J., Hong, X.: Anodr: anonymous on demand routing with untraceable routes for mobile ad-hoc networks. In: MobiHoc 2003: Proceedings of the 4th ACM international symposium on Mobile ad hoc networking & computing, pp. 291–302. ACM Press, New York (2003)
Korba, L., Song, R., Yee, G.: Anonymous communications for mobile agents. In: Karmouch, A., Magedanz, T., Delgado, J. (eds.) MATA 2002. LNCS, vol. 2521, pp. 171–181. Springer, Heidelberg (2002)
Nanda, M.G., Karnik, N.: Synchronization analysis for decentralizing composite web services. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 407–414. Springer, Heidelberg (2004)
Tripathi, A.R., Ahmed, T., Kumar, R.: Specification of secure distributed collaboration systems. In: ISADS ’03. Proceedings of the The Sixth International Symposium on Autonomous Decentralized Systems, p. 149 (2003)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Montagut, F., Molva, R. (2007). Traceability and Integrity of Execution in Distributed Workflow Management Systems. In: Biskup, J., López, J. (eds) Computer Security – ESORICS 2007. ESORICS 2007. Lecture Notes in Computer Science, vol 4734. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74835-9_17
Download citation
DOI: https://doi.org/10.1007/978-3-540-74835-9_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74834-2
Online ISBN: 978-3-540-74835-9
eBook Packages: Computer ScienceComputer Science (R0)