A BPMN BASED SECURE WORKFLOW MODEL

Li Peng

2009

Abstract

Secure workflow has become an important topic in both academia and industry. A secure workflow model can be used to analyze workflow systems according to specific security policies. This model is needed to allow controlled access of data objects, secure execution of tasks, and efficient management and administration of security. In this paper, I propose a BPMN-based secure workflow model to manage specific processes such as authorizations in executing tasks and accessing documents. The secure workflow model is constructed using BPMN-elements. The model is hierarchical and describes a secure workflow system at workflow layer, task layer and data layer. This model ensures the security properties of workflows: integrity, authorization and availability. Moreover, the model is easily readable and understandable.

References

  1. Atluri, V., Huang, W.-K, 1996. An Authorization Model for Workflows. In Proceedings of the Forth European Symposium on Research in Computer Security. pp.44- 64.
  2. Atluri, V., Huang, W.-K, 1996. An Extended Petri Net Model for Supporting Workflows in a Multilevel Secure Environment. In Proceedings of the 10th IFIP WG 11.3 Working conference on Database Security'. pp. 240-258.
  3. Atluri, V., Huang, W.-K, Bertino, E., 1997. An Execution Model for Multilevel Secure Workflows. In Proceedings of the 11th IFIP Working Conference on Database Security. pp. 151-165.
  4. Atluri, V., Huang, W.-K, 1997. Enforcing Manadatory and Discretionary Security in Workflow Management Systems. In Journal of Computer Security, 5. pp. 303- 339.
  5. BPMI.org and OMG, 2006. Business Process Modeling Notation Specification. Final Adopted Specification. Retrieved February 20, 2006. From http://www.bpmn.org.
  6. Huang, W.-K, Atluri, V., 1999. SecureFlow: A Secure Web-enabled Workflow Management System. In Proceedings of the 4th ACM Workshop on Role-Based Access Control. pp. 83-94.
  7. Hung, P. C. K., 2002. Specifying Conflict of Interest in Web Services Endpoint Language (WSEL). In The ACM SIGecom Exchanges 3(3). pp.1-8.
  8. Hung, P. C. K., Karlapalem, K., 2003. A secure workflow model. In ACSW Frontiers 7803: Proceedings of the Australasian information security workshop conference on ACSW frontiers. pp. 33-41. Australian Computer Society, Inc.
  9. Joshi, J. B. D., Aref, W. G., Ghafoor, A., Spafford, E. H., 2001. Security Models for Web-based Applications. In Communications of the ACM 44(2). pp.38-44.
  10. Kang, M. H., Froscher, J. N., Eppinger, B. J., Moskowitz, I. S., 1999. A Strategy for an MLS Workflow Management System. In Proceedings of the 18th IFIP Working Conference on Database Security. Seatle, WA, 1999.
  11. Knorr, K., 2000. Dynamic Access Control through Petri Net Workflows. In Proceedings of the 16th Annual Computer Security Applications Conference. pp. 159- 167. New Orleans, LA, December 2000.
  12. Knorr, K., 2001. Multilevel Security and Information Flow in Petri Net Workflows. In Proceedings of the 9th International Conference on Telecommunication Systems - Modeling and Analysis, Special Session on Security Aspects of Telecommunication Systems. pp. 9- 20.
  13. Olivier, M. S., van de Riet, R. P., Gudes, E., 1998. Specifying application-level security in workflow systems. In DEXA 7898: Proceedings of the 9th International Workshop on Database and Expert Systems Applications. pp. 346-351. Washington, DC, USA, 1998. IEEE Computer Society.
  14. Pernul, G., 1992. Security Constraint Processing During Multilevel Secure Database Design. In Proceedings of Eighth Annual IEEE Computer Security Applications Conference. pp. 229-247.
  15. Thuraisingham, B., Clifton, C., Gupta, A., Bertino, E., Ferrari, E., 2001. Directions for Web and E-commerce Applications Security. In Proceedings of Tenth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. pp. 200- 204.
  16. Workflow Management Coalition (WfMC), 2001. Workflow Security Considerations. White Paper, Document Number WFMC-TC-1019. Document Status - Issue 1.0.
Download


Paper Citation


in Harvard Style

Peng L. (2009). A BPMN BASED SECURE WORKFLOW MODEL . In Proceedings of the 11th International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-989-8111-86-9, pages 268-272. DOI: 10.5220/0002015702680272


in Bibtex Style

@conference{iceis09,
author={Li Peng},
title={A BPMN BASED SECURE WORKFLOW MODEL},
booktitle={Proceedings of the 11th International Conference on Enterprise Information Systems - Volume 3: ICEIS,},
year={2009},
pages={268-272},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002015702680272},
isbn={978-989-8111-86-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Enterprise Information Systems - Volume 3: ICEIS,
TI - A BPMN BASED SECURE WORKFLOW MODEL
SN - 978-989-8111-86-9
AU - Peng L.
PY - 2009
SP - 268
EP - 272
DO - 10.5220/0002015702680272