论文信息 - Context and Trust Aware Workflow Oriented Access Framework

Context and Trust Aware Workflow Oriented Access Framework

Service oriented computing (SoC) changes the way of conducting business as these services are often available on a network. As traditional access control approach may not work in the changed environment, protecting business resource from misuse is a big challenge. Again, static allocation of access right to users will not be an efficient solution as SoC environment changes with time. This paper focuses on design of dynamic access control approach for business process. Here, we propose a context and trust aware workflow oriented access framework. Proposed approach focuses on inter-component relationship where phases are executed either in online or offline mode to avoid performance bottleneck. The concept of static binding in role based access model is extended to support dynamic access control by including context awareness and trust relationship between owner and user. Trust is either directly or indirectly dependent on service level agreement (SLA) compliance, quality of service, reputation and provenance (historical data). In this paper, the framework is designed by mapping proposed access model to workflow instances at run-time. It is validated by workflow net model, where workflow instance can be successfully executed without any interruption and can satisfy soundness property while incorporating proposed access control approach.

Rituparna Chaki | Khalid Saeed | Nabendu Chaki | Tapalina Bhattasali

[1] Stephen S. Yau,et al. A Situation-aware Access Control based Privacy-Preserving Service Matchmaking Approach for Service-Oriented Architecture , 2007, IEEE International Conference on Web Services (ICWS 2007).

[2] Jun Zheng,et al. Dynamic Role-Based Access Control Model , 2011, J. Softw..

[3] Jing Liu,et al. The Study of Access Control for Service-Oriented Computing in Internet of Things , 2012 .

[4] Yu Zhou,et al. Access Control on the Composition of Web Services , 2006, International Conference on Next Generation Web Services Practices.

[5] Yeping He,et al. Spatial Context in Role-Based Access Control , 2006, ICISC.

[6] R. Stephenson. A and V , 1962, The British journal of ophthalmology.

[7] Barbara Carminati,et al. Rule-Based Access Control for Social Networks , 2006, OTM Workshops.

[8] Zhengqiu He,et al. Semantics-based Access Control Approach for Web Service , 2011, J. Comput..

[9] Alfons H. Salden,et al. Context sensitive access control , 2005, SACMAT '05.

[10] Antonio F. Gómez-Skarmeta,et al. TACIoT: multidimensional trust-aware access control system for the Internet of Things , 2016, Soft Comput..

[11] Marianne Winslett,et al. The Traust Authorization Service , 2008, TSEC.

[12] Vijayalakshmi Atluri,et al. An Authorization Model for Workflows , 1996, ESORICS.