The Security Framework for Workflow management systems Dr. Hsiao Yu-Cheng [email protected] Department of Computer Science and Information Engineering National Taiwan Normal University

The Security Framework for Workflow Management Systems


2013-09-25@Department of Computer Science, University of Taipei Dr. Hsiao Yu-Cheng [email protected]


Page 1: The Security Framework for Workflow Management Systems

The Security Framework for Workflow Management Systems

Dr. Hsiao Yu-Cheng [email protected]

Department of Computer Science and Information Engineering, National Taiwan Normal University

Page 2: The Security Framework for Workflow Management Systems

Outlines

  Introduction of Workflow Management Systems (WfMSs)
  Challenges of WfMS in the Cloud
  Our Solution
  Implementation
  Conclusion

Page 3: The Security Framework for Workflow Management Systems

Introduction of Workflow Management Systems (WfMSs)

Definition: Software systems that support coordination and cooperation among members of an organization whilst they perform complex business tasks.

Business tasks are modeled as workflow processes that are automated by the WfMS.

An activity is a logical step within a workflow, which includes the information about the starting and stopping conditions.

A person who participates in the execution of an activity is called a participant of that activity.

A workflow process instance represents a state of execution of a workflow process definition by the WfMS, and is usually controlled by the workflow engine.

Page 4: The Security Framework for Workflow Management Systems

Types of Engine-based WfMSs

Centralized WfMS
  Focuses on executing workflow processes within a single organization at one location in a single workflow engine.

Distributed WfMS
  Establishes multiple workflow engines.
  Balances the load among the workflow engines as the number of users increases.
  Reduces the communication time between the participants in the activity and the workflow engines.

Page 5: The Security Framework for Workflow Management Systems

Centralized WfMS

A workflow process is executed by a single workflow engine that communicates with all of the participants in the activity.

[Figure: a workflow of activities A1 to A6 under one workflow engine. Legend: start of workflow, end of workflow, activity, flow control edge, participant, workflow engine, process instance migration, user communication.]

Page 6: The Security Framework for Workflow Management Systems

Distributed WfMS

Multiple workflow engines in different places.

Can be used to build up the cross-enterprise WfMS that controls the execution of cross-enterprise workflow processes.

[Figure: a workflow of activities A1 to A6 with workflow engines 1, 2 and 3 and three "public network" labels. Legend: start of workflow, end of workflow, activity, flow control edge, participant, workflow engine, process instance migration, user communication.]

Page 7: The Security Framework for Workflow Management Systems

Outlines

  Introduction of Workflow Management Systems (WfMSs)
  Challenges of WfMS in the Cloud
  Our Solution
  Implementation
  Conclusion

Page 8: The Security Framework for Workflow Management Systems

Problems and Difficulties for Engine-based WfMS in the Cloud

Security

  Authentication
    Refers to reliably verifying the identity of the task execution agents.

  Confidentiality
    Concerns the unauthorized disclosure of information, including the workflow specification and the workflow instances during their execution.

  Seems ok.

Page 9: The Security Framework for Workflow Management Systems

Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)

Security

  Data integrity
    Concerns the unauthorized modification of information, again including the workflow specification as well as the data manipulated during the execution of a workflow instance.

  Nonrepudiation
    Refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract.

  Just guaranteed by SLA?

Page 10: The Security Framework for Workflow Management Systems

Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)

Scalability

  Reasons for scalable WfMS in the Cloud
    Participants are dynamically.
    Multi-tenancy WfMS requirement.

  How to store huge amount of process instances?
    Traditional way: Store and manage process instances in relational database.
    What is the appropriate form of process instances?

Page 11: The Security Framework for Workflow Management Systems

Problems and Difficulties for Engine-based WfMS in the Cloud (Cont’d)

Cross-Enterprise

  Only when we can solve the security and scalability problem.
  The process instances should guarantee nonrepudiation.
    SLA seems not enough.

Other

  Secured process instance migration
    User control migration
  Process instance replication in different clouds
    User control replication

Page 12: The Security Framework for Workflow Management Systems

Outlines

  Introduction of Workflow Management Systems (WfMSs)
  Challenges of WfMS in the Cloud
  Our Solution
  Implementation
  Conclusion

Page 13: The Security Framework for Workflow Management Systems

Our Solution – DRA4WfMS

Document Routing Architecture for WfMS (DRA4WfMS)

  Engine-less WfMS
    Supports a purely distributed operational model without needing a workflow engine to act as a trusted centralized point of coordination.
    XML-based document-routing system.

  Security framework
    Implements the main required security features such as authentication, confidentiality, data integrity, and nonrepudiation.
    Applying element-wise encryption and a cascade-based method to embed digital signatures.

  Dynamic security policy
    Managing and controlling data accesses according to the dynamic behavior of workflow processes.

Page 14: The Security Framework for Workflow Management Systems

Operational Models of DRA4WfMS

Basic operational model
  Supports only authentication, confidentiality, data integrity, and nonrepudiation.

Advanced operational model
  Also supports workflow monitoring.

Page 15: The Security Framework for Workflow Management Systems

Basic operational model of the DRA4WfMS

[Figure: Start, activities A1, A2 and A3, each with an AEA (Activity Execution Agent), and End; a secured initial DRA4WfMS document; document labels X_A1'', X_A2'', X_A3''. Legend: execution result of the activity; digital signature embedded by the workflow participant; workflow definition; digital signature embedded by the workflow designer; synchronous communication.]

Page 16: The Security Framework for Workflow Management Systems

Advanced operational model of the DRA4WfMS

[Figure: Start, activities A1 and A2, each with an AEA, and a TFC Server (Timestamp and Flow-Control Server); steps numbered (1) and (2); a secured initial DRA4WfMS document; document labels X_A1^it, X_A1'', X_A2^it. Legend: execution result of the activity; digital signature embedded by the workflow participant; time stamp embedded by the timestamp server; workflow definition; digital signature embedded by the workflow designer; synchronous communication.]

Page 17: The Security Framework for Workflow Management Systems

Architecture and XML-based syntax of a DRA4WfMS document

Header section
Application definition section
Unique process id
Workflow definition section
Security definition section
A digital signature
Activity execution result section

<?xml version="1.0"?>
<DRA4WfMS:DRA4WfMS xmlns:DRA4WfMS="http://www.DRA4WfMS.org/2010">
  <UID Id="X1"/>
  <APDefinition Id="X2">
    <!--Workflow Definition section-->
    <WorkflowDefinition>
      <Participants>...</Participants>
      <Activities>...</Activities>
      <Transitions>...</Transitions>
    </WorkflowDefinition>
    <!--Security definition section-->
    <SecurityDefinition>
      <SignatureKeyIssuer C=".." S=".." L=".." O=".." OU=".." CN=".."/>
      <KeyDefinitions>...</KeyDefinitions>
      <AlgorithmDefinitions>...</AlgorithmDefinitions>
      <EncryptionDefinitions>...</EncryptionDefinitions>
    </SecurityDefinition>
    <Signature Id="Y"> ... </Signature>
  </APDefinition>
  <!--Activity execution result section-->
  <CERs>
    <CER Id="CER:Aid:Index"> ... </CER>
    ...
  </CERs>
</DRA4WfMS:DRA4WfMS>

Page 18: The Security Framework for Workflow Management Systems

Process instance of DRA4WfMS

Each process instance contains the execution results of previously executed activities.

  Guarantees nonrepudiation.
  Element-wise encryption.
  Self-protected
    Without requiring an access-control server.
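An added Java example (not the DRA4WfMS API or the author's code) of why cascaded signatures let a routed document protect itself without a server. It assumes that each participant's signature covers the preceding signature plus that participant's own execution result; the names `Cer`, `feed`, `sign` and `firstInvalid`, the participants and the results are hypothetical, constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;

public class CascadeSignatureDemo {
    // Hypothetical in-memory stand-in for one <CER> element and its embedded signature.
    record Cer(String id, String participant, String result, byte[] sig) {}

    // Assumed cascade rule: a signature covers the previous signature in the
    // document (the designer's for the first CER) plus this CER's own content.
    static void feed(Signature s, byte[] prevSig, String id, String result) throws SignatureException {
        s.update(prevSig);
        s.update((id + "\n" + result).getBytes(StandardCharsets.UTF_8));
    }

    static byte[] sign(PrivateKey key, byte[] prevSig, String id, String result) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        feed(s, prevSig, id, result);
        return s.sign();
    }

    // Returns the index of the first CER whose signature fails, or -1 if the chain holds.
    // rootSig is the designer's signature, assumed already verified by the caller.
    // Keys come from a trusted map (e.g. validated certificates), never from the document.
    static int firstInvalid(byte[] rootSig, Cer[] cers, Map<String, PublicKey> trusted)
            throws GeneralSecurityException {
        byte[] prev = rootSig;
        for (int i = 0; i < cers.length; i++) {
            PublicKey key = trusted.get(cers[i].participant());
            if (key == null) return i;                       // unknown signer
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(key);
            feed(s, prev, cers[i].id(), cers[i].result());
            if (!s.verify(cers[i].sig())) return i;          // content or order was changed
            prev = cers[i].sig();
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair designer = gen.generateKeyPair(), alice = gen.generateKeyPair(), bob = gen.generateKeyPair();
        Map<String, PublicKey> trusted = Map.of("alice", alice.getPublic(), "bob", bob.getPublic());
        byte[] d = sign(designer.getPrivate(), new byte[0], "APDefinition", "<WorkflowDefinition/>");
        byte[] s1 = sign(alice.getPrivate(), d, "CER:A1:0", "approved");
        byte[] s2 = sign(bob.getPrivate(), s1, "CER:A2:0", "paid");
        Cer[] doc = {new Cer("CER:A1:0", "alice", "approved", s1), new Cer("CER:A2:0", "bob", "paid", s2)};
        System.out.println("intact document: " + firstInvalid(d, doc, trusted));
        doc[0] = new Cer("CER:A1:0", "alice", "rejected", s1); // constructed tampering
        System.out.println("after editing A1's result: " + firstInvalid(d, doc, trusted));
    }
}
```

Because every later signature depends on the one before it, a verifier holding only the document and trusted public keys can locate the first altered or reordered result, and a participant cannot later disown a result that carries their signature.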

Page 19: The Security Framework for Workflow Management Systems

Applying DRA4WfMS in Cloud computing environment

[Figure: the DRA4WfMS cloud system with portal servers and a DRA4WfMS documents pool, and AEAs for activities A1 and A2; steps numbered (1) to (6). Step captions: A1 downloads the document from the portal servers; return the result document; store it in the pool of DRA4WfMS documents.]

Page 20: The Security Framework for Workflow Management Systems

Outlines

  Introduction of Workflow Management Systems (WfMSs)
  Challenges of WfMS in the Cloud
  Our Solution
  Implementation
  Conclusion

Page 21: The Security Framework for Workflow Management Systems

Implementation

DRA4WfMS API
  Implemented in the Java programming language.
  Ready for download:
  http://www.csie.ntnu.edu.tw/~ghhwang/DRA4WfMS/DRA4WfMS_EXAMPLES.zip

DRA4WfMS cloud system in the HBase database of Apache Hadoop
  Stores process instances in HBase.
  Provides the following operations:
    Search DRA4WfMS documents
    Retrieve a DRA4WfMS document
    Store a DRA4WfMS document
    Notify the subsequent participants
    Perform workflow monitoring or statistical analyses

Page 22: The Security Framework for Workflow Management Systems

Two workflow processes for conducting experiments

[Figure: two workflow processes, (A) and (B), each with an initial document, activities A, B1, B2, C and D, an AND-split and an AND-join, and the conditions "Accept" and "Attachment is insufficient." Legend: start of workflow, end of workflow, activity, connection edge, condition, TFC server.]

Page 23: The Security Framework for Workflow Management Systems

Result parameters for the workflow shown in Fig. A

Page 24: The Security Framework for Workflow Management Systems

Result parameters for the workflow shown in Fig. B

: Time required to decrypt and verify signatures in the AEA and TFC server (in seconds)
: Time required to encrypt and embed signatures in the AEA (in seconds)
: Time required to encrypt and embed signatures in the TFC server (in seconds)
: Size of the generated file (in bytes)

Page 25: The Security Framework for Workflow Management Systems

Outlines

  Introduction of Workflow Management Systems (WfMSs)
  Challenges of WfMS in the Cloud
  Our Solution
  Implementation
  Conclusion

Page 26: The Security Framework for Workflow Management Systems

Conclusion

We propose a secured WfMS for the cloud computing environment.

Document Routing Architecture for WfMS (DRA4WfMS)
  Does not require a workflow engine to control the execution of activities.
    Avoids the security problems that may arise in engine-based distributed WfMSs.

Element-wise encryption and cascade-based method of embedding digital signatures
  Make the DRA4WfMS document self-protected without requiring an access-control server.
  Security requirements such as authentication, confidentiality, data integrity, and nonrepudiation do not need to rely on service-level agreements between users and cloud service providers.

Different enterprises or organizations can simultaneously use a single DRA4WfMS cloud system.
  Easy to implement a cross-enterprise WfMS in the DRA4WfMS cloud system.

Page 27: The Security Framework for Workflow Management Systems


THANK YOU!