TY - GEN
T1 - Modelling workflow executions under role-based authorisation control
AU - He, Ligang
AU - Duan, Kewei
AU - Chen, Xueguang
AU - Zou, Deqing
AU - Han, Zongfen
AU - Fadavinia, Ali
AU - Jarvis, Stephen A.
PY - 2011
Y1 - 2011
N2 - Workflows are often used to represent enterprise-type activities, and authorisation control is an important security consideration in enterprise-level applications. Role-Based Access Control (RBAC) is a popular authorisation control scheme under which users are assigned to certain roles, and the roles are associated with permissions. This paper presents a novel mechanism for modelling workflow execution in cluster-based resource pools under Role-Based Access Control (RBAC) schemes. Our modelling approach uses Coloured Timed Petri-Nets, and various authorisation constraints are modelled, including role constraints, temporal constraints, cardinality constraints, Binding of Duty and Separation of Duty constraints, etc. The interactions between workflow authorisation and workflow execution are also captured in the model. In this paper, the modelling mechanism is developed in such a fashion that the construction of the authorisation model for a workflow can be automated. This feature is very helpful in modelling a large collection of authorisation policies or complex workflows. A Petri-net simulation tool, the CPN-Tool, is utilised to implement the developed modelling mechanism and simulate the constructed model. Both system-level performance (e.g., utilisation of resource pools) and application-level performance (e.g., workflow response time) can be obtained from model simulations. This work can be used to plan system capacity and investigate the impact of authorization policies on system and application performance.
AB - Workflows are often used to represent enterprise-type activities, and authorisation control is an important security consideration in enterprise-level applications. Role-Based Access Control (RBAC) is a popular authorisation control scheme under which users are assigned to certain roles, and the roles are associated with permissions. This paper presents a novel mechanism for modelling workflow execution in cluster-based resource pools under Role-Based Access Control (RBAC) schemes. Our modelling approach uses Coloured Timed Petri-Nets, and various authorisation constraints are modelled, including role constraints, temporal constraints, cardinality constraints, Binding of Duty and Separation of Duty constraints, etc. The interactions between workflow authorisation and workflow execution are also captured in the model. In this paper, the modelling mechanism is developed in such a fashion that the construction of the authorisation model for a workflow can be automated. This feature is very helpful in modelling a large collection of authorisation policies or complex workflows. A Petri-net simulation tool, the CPN-Tool, is utilised to implement the developed modelling mechanism and simulate the constructed model. Both system-level performance (e.g., utilisation of resource pools) and application-level performance (e.g., workflow response time) can be obtained from model simulations. This work can be used to plan system capacity and investigate the impact of authorization policies on system and application performance.
KW - Authorisation
KW - Modelling
KW - RBAC
KW - Workflow
UR - http://www.scopus.com/inward/record.url?scp=80053142306&partnerID=8YFLogxK
U2 - 10.1109/SCC.2011.56
DO - 10.1109/SCC.2011.56
M3 - Conference contribution
AN - SCOPUS:80053142306
SN - 9780769544625
T3 - Proceedings - 2011 IEEE International Conference on Services Computing, SCC 2011
SP - 200
EP - 208
BT - Proceedings - 2011 IEEE International Conference on Services Computing, SCC 2011
T2 - 2011 IEEE International Conference on Services Computing, SCC 2011
Y2 - 4 July 2011 through 9 July 2011
ER -