Abstract
Security and trust relationships between services significantly govern their willingness to collaborate and participate in a workflow. Existing workflow tools do not consider such relationships as an integral part of their planning logic: rather, they approach security as a run-time issue. We present a workflow management framework that fully integrates trust and security into the workflow planning logic. It considers not only trust relationships between the workflow requestor and individual services, but also trust relationships among the services themselves. It allows each service owner to define an upper layer of collaboration policies (rules that specify the terms under which participation in a workflow is allowed) and integrates them into the planning logic. Services that are unfit for collaboration due to security violations are replaced at the planning stage. This approach increases service owners' control over the workflow path and their willingness to collaborate, and avoids run-time security failures.
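The planning-stage idea described in the abstract, as an added illustration that is not the paper's algorithm or code: a backtracking planner that rejects a candidate service when any owner's collaboration policy forbids the pairing, compared with a planner that checks only requestor-to-service trust. The task names, service names and the deny-set form of the policies are constructed assumptions.

```python
# Added illustration; every name and value below is constructed sample data.
TASKS = ["align", "annotate", "store"]          # workflow steps, in order
CANDIDATES = {                                   # services able to run each step
    "align": ["svcA", "svcB"],
    "annotate": ["svcC", "svcD"],
    "store": ["svcE"],
}
REQUESTOR_TRUSTS = {"svcA", "svcB", "svcC", "svcD", "svcE"}
# Assumed policy form: for each owner, the peers it refuses to share a workflow with.
REFUSES = {"svcA": {"svcE"}, "svcD": {"svcB"}}


def compatible(a, b):
    """True when neither owner's policy forbids collaborating with the other."""
    return b not in REFUSES.get(a, set()) and a not in REFUSES.get(b, set())


def violations(path):
    """Every pair of services in the path that breaks some owner's policy."""
    return [(a, b) for i, a in enumerate(path)
            for b in path[i + 1:] if not compatible(a, b)]


def naive_plan():
    """Requestor-to-service trust only; service-to-service policy is ignored."""
    return [next(s for s in CANDIDATES[t] if s in REQUESTOR_TRUSTS) for t in TASKS]


def trust_aware_plan(chosen=()):
    """Backtracking search: unfit services are replaced while planning."""
    if len(chosen) == len(TASKS):
        return list(chosen)
    for s in CANDIDATES[TASKS[len(chosen)]]:
        if s in REQUESTOR_TRUSTS and all(compatible(s, c) for c in chosen):
            plan = trust_aware_plan(chosen + (s,))
            if plan is not None:
                return plan
    return None  # no path satisfies every policy


if __name__ == "__main__":
    print("naive path:", naive_plan(), "violations:", violations(naive_plan()))
    print("trust-aware path:", trust_aware_plan())
```

The naive path contains a pairing that one owner's policy forbids, which would only surface as a refusal at run time; the trust-aware planner swaps the offending service out before execution.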
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Altunay, M., Brown, D., Byrd, G., Dean, R. (2005). Trust-Based Secure Workflow Path Construction. In: Benatallah, B., Casati, F., Traverso, P. (eds) Service-Oriented Computing - ICSOC 2005. ICSOC 2005. Lecture Notes in Computer Science, vol 3826. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596141_29
DOI: https://doi.org/10.1007/11596141_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30817-1
Online ISBN: 978-3-540-32294-8
eBook Packages: Computer Science (R0)