Modeling and analyzing the impact of authorization on workflow executions
He, L., Huang, C., Duan, K., Li, K., Chen, H., Sun, J. and Jarvis, S.A. (2012) Modeling and analyzing the impact of authorization on workflow executions. Future Generation Computer Systems. ISSN 0167-739X (In Press)
![[img]](http://eprints.dcs.warwick.ac.uk/style/images/fileicons/application_pdf.png) |
PDF
- Accepted Version
Restricted to Repository staff only Download (1178Kb) |
Abstract
It has been a subject of a significant amount of research to automate the execution of workflows (or business processes) on computer resources. However, many workflow scenarios still require human involvement, which introduces additional security and authorization concerns. This paper presents a novel mechanism for modeling the execution of workflows with human involvement under Role-based Authorization Control. Our modeling approach applies Colored Timed Petri-Nets to allow various authorization constraints to be modeled, including role, temporal, cardinality, BoD (Binding of Duty), SoD (Separation of Duty), role hierarchy constraints etc. We also model the execution of tasks with different levels of human involvement and as such allow the interactions between workflow authorization and workflow execution to be captured. The modeling mechanism is developed in such a way that the construction of the authorization model for a workflow can be automated. This feature is very helpful for modeling large collections of authorization policies and/or complex workflows. A Petri-net toolkit, the CPN Tools, is utilized in the development of the modeling mechanism and to simulate the constructed models. This paper also presents the methods to analyze and calculate the authorization overhead as well as the performance data in terms of various metrics through the model simulations. Based on the simulation results, this paper further proposes the approaches to improving performance given the deployed authorization policies. This work can be used for investigating the impact of authorization, for capacity planning, for the design of workload management strategies, and also to estimate execution performance, when human resources and authorization policies are employed in tandem.
| Item Type: | Article |
|---|---|
| Uncontrolled Keywords: | pcav performance hpsg |
| Subjects: | Q Science > QA Mathematics > QA76 Computer software |
| Divisions: | Faculty of Science > Computer Science |
| Depositing User: | David Beckingsale |
| Date Deposited: | 20 Apr 2012 09:46 |
| Last Modified: | 20 Apr 2012 09:46 |
| URI: | http://eprints.dcs.warwick.ac.uk/id/eprint/1584 |
Actions (login required)
 |
View Item |
