Design and Verification of Loosely Coupled Inter-Organizational Workflows with Multi-Level Security

Inter-Organizational Workflows (IOWF) become important as they provide solution for data sharing, heterogeneity in resources and work coordination at global level. However, a secured computing infrastructure like Multilevel Security (MLS) is needed to support today’s vast businesses. In this paper Message Sequence Charts (MSC) are used to specify the positive and negative interactions between cooperating organizations. Petri nets are used to model the workflows in each organization. IOWF is obtained by combining Message Sequence Charts (MSC) and workflows of local organizations. We present an algorithm to incorporate MLS features into IOWFs using Bell-LaPadula security model. In this model security labels of subject and object are verified before the subject can access the object. The algorithm reduces the workflows of participating organizations using the reduction rules while preserving the communication patterns between organizations. We also present an algorithm to identify implicit places in the IOWF with MLS features. Our method and algorithms are illustrated by a running example.

[1]  Boleslaw Mikolajczak,et al.  Consistency of Loosely Coupled Inter-organizational Workflows with Multilevel Security Features , 2007, MSVVEIS.

[2]  Peter J. Denning,et al.  Protection: principles and practice , 1972, AFIPS '72 (Spring).

[3]  Vijayalakshmi Atluri,et al.  An Authorization Model for Workflows , 1996, ESORICS.

[4]  Rüdiger Valk,et al.  Petri nets for systems engineering - a guide to modeling, verification, and applications , 2010 .

[5]  Wil M. P. van der Aalst,et al.  Workflow Verification: Finding Control-Flow Errors Using Petri-Net-Based Techniques , 2000, Business Process Management.

[6]  Matt Bishop Conspiracy and Information Flow in the Take-Grant Protection Model , 1996, J. Comput. Secur..

[7]  Wil M. P. van der Aalst,et al.  Loosely coupled interorganizational workflows: : modeling and analyzing workflows crossing organizational boundaries , 2000, Inf. Manag..

[8]  Guoliang Zheng,et al.  Consistency Checking of Concurrent Models for Scenario-Based Specifications , 2005, SDL Forum.

[9]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[10]  John McLean,et al.  A Comment on the 'Basic Security Theorem' of Bell and LaPadula , 1985, Inf. Process. Lett..

[11]  Boleslaw Mikolajczak,et al.  Soundness of Loosely Coupled Inter-Organizational Workflows with Multilevel Security Features , 2007, IKE.

[12]  Boleslaw Mikolajczak,et al.  Integration of Multilevel Security Features Into Loosely Coupled Inter-Organizational Workflows , 2007, Fourth International Conference on Information Technology (ITNG'07).

[13]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[14]  Ira S. Moskowitz,et al.  A Strategy for an MLS Workflow Management System , 1999, DBSec.

[15]  Vijayalakshmi Atluri,et al.  An Extended Petri Net Model for Supporting Workflows in a Multilevel Secure Environment , 1996, DBSec.

[16]  W.M.P. van der Aalst,et al.  Interorganizational workflows: An approach based on message sequence charts and petri nets , 1999 .

[17]  Ira S. Moskowitz,et al.  An architecture for multilevel secure interoperability , 1997, Proceedings 13th Annual Computer Security Applications Conference.