POLICY-BASED VERIFICATION OF DISTRIBUTED WORKFLOWS IN A MULTI-DOMAIN ENVIRONMENT

There is a growing need to support secure interaction among autonomous domains/systems for developing distributed applications. As domains operate according to their individual security and access control policies, supporting secure interactions among domains for distributed workflows is a complex task prone to subtle errors that can have serious security implications. In this paper we propose a framework for verifying the secure composability of distributed workflows in an autonomous multi-domain environment. The objective of workflow composability verification is to ensure that all the users or processes executing the designated workflow tasks conform to the security policy specifications of all collaborating domains. A key aspect of such verification is determining the time-dependent schedulability of distributed workflows, which are assumed to be invoked on a recurrent basis. We use a two-step approach for verifying secure workflow composability. In the first step, a distributed workflow is decomposed into domain-specific projected workflows, each of which is verified for conformance with the respective domain's security and access control policy. In the second step, the cross-domain dependencies among the workflow tasks performed by different collaborating domains are verified.

Portions of this work were supported by Grant IIS-0209111 from the National Science Foundation and by sponsors of the Center for Education and Research in Information Assurance and Security.
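The following is an added illustration of the two-step idea described above; it is not code from the paper and does not reproduce its formalism. It assumes a deliberately small policy model: each domain has an RBAC policy in which every role holds a set of permissions and may only be activated inside a time window (a temporal constraint of the kind found in temporal RBAC models), and every workflow task carries a planned start and duration measured in hours after the recurrent invocation. Step 1 projects the workflow onto each domain and checks every projected task against that domain's policy; step 2 checks the ordering of cross-domain dependencies and that the whole workflow fits inside one invocation period. The domains, roles, tasks and windows are constructed sample data.

```python
"""Added example: two-step verification of a distributed workflow against
per-domain policies.  Constructed illustration, not the paper's framework."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Task:
    name: str
    domain: str       # domain that executes the task
    permission: str   # permission the executing role must hold in that domain
    start: int        # planned start, hours after the workflow is invoked
    duration: int     # hours

    @property
    def end(self) -> int:
        return self.start + self.duration


@dataclass(frozen=True)
class DomainPolicy:
    # role -> permissions it holds (plain RBAC)
    role_perms: Dict[str, FrozenSet[str]]
    # role -> (enable_from, enable_to): the role may only be activated inside
    # this window (assumed temporal constraint, same time base as Task.start)
    role_windows: Dict[str, Tuple[int, int]]


def project(workflow: List[Task], domain: str) -> List[Task]:
    """Step 1a: the domain-specific projection keeps only that domain's tasks."""
    return [t for t in workflow if t.domain == domain]


def verify_projection(tasks: List[Task], edges: List[Tuple[str, str]],
                      policy: DomainPolicy) -> List[str]:
    """Step 1b: each projected task needs some role that holds its permission
    and is enabled for the task's whole interval; intra-domain edges must be
    ordered.  Returns human-readable violations (empty list = conforms)."""
    violations: List[str] = []
    names = {t.name: t for t in tasks}
    for t in tasks:
        enabled = [
            role for role, perms in policy.role_perms.items()
            if t.permission in perms
            and policy.role_windows.get(role, (0, 0))[0] <= t.start
            and t.end <= policy.role_windows.get(role, (0, 0))[1]
        ]
        if not enabled:
            violations.append(f"{t.domain}: no enabled role holds '{t.permission}'"
                              f" for task {t.name} during [{t.start},{t.end})")
    for pred, succ in edges:
        if pred in names and succ in names and names[succ].start < names[pred].end:
            violations.append(f"{names[pred].domain}: {succ} starts before {pred} ends")
    return violations


def verify_cross_domain(workflow: List[Task], edges: List[Tuple[str, str]],
                        period: int) -> List[str]:
    """Step 2: cross-domain edges must respect ordering, and a recurrently
    invoked workflow must finish within one invocation period."""
    by_name = {t.name: t for t in workflow}
    violations: List[str] = []
    for pred, succ in edges:
        p, s = by_name[pred], by_name[succ]
        if p.domain != s.domain and s.start < p.end:
            violations.append(f"cross-domain: {succ} ({s.domain}) starts at {s.start}"
                              f" before {pred} ({p.domain}) ends at {p.end}")
    latest = max(t.end for t in workflow)
    if latest > period:
        violations.append(f"schedulability: workflow ends at {latest} > period {period}")
    return violations


def verify_workflow(workflow: List[Task], edges: List[Tuple[str, str]],
                    policies: Dict[str, DomainPolicy], period: int) -> List[str]:
    """Both steps; the workflow is securely composable iff no violations."""
    violations: List[str] = []
    for domain, policy in policies.items():
        violations += verify_projection(project(workflow, domain), edges, policy)
    violations += verify_cross_domain(workflow, edges, period)
    return violations


# --- constructed sample data (two collaborating domains) ---------------------
POLICIES = {
    "hospital": DomainPolicy(
        role_perms={"physician": frozenset({"order_test", "sign_report"})},
        role_windows={"physician": (7, 18)}),
    "lab": DomainPolicy(
        role_perms={"technician": frozenset({"run_assay"})},
        role_windows={"technician": (9, 17)}),
}
EDGES = [("order", "assay"), ("assay", "report")]
PERIOD = 24  # hours: the workflow is re-invoked daily

GOOD = [Task("order", "hospital", "order_test", 8, 1),
        Task("assay", "lab", "run_assay", 9, 4),
        Task("report", "hospital", "sign_report", 13, 1)]

# Assay shifted late: the technician role is disabled after hour 17 (step 1
# fails) and the report now starts before the assay finishes (step 2 fails).
BAD = [Task("order", "hospital", "order_test", 8, 1),
       Task("assay", "lab", "run_assay", 15, 4),
       Task("report", "hospital", "sign_report", 13, 1)]

if __name__ == "__main__":
    for label, wf in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, verify_workflow(wf, EDGES, POLICIES, PERIOD) or "composable")
```

The separation matters in practice: step 1 can be run by each domain on its own projection without revealing its policy to the others, and only the task timing and dependency structure needs to be shared for step 2.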
