Modeling and analyzing the impact of authorization on workflow executions☆
Highlights
► We model the executions of workflows with human involvement under RBAC authorization.
► We analyze the impact of authorization on workflow executions.
► We calculate the performance of workflow executions under RBAC authorization.
► We propose approaches to improving performance given the authorization constraints.
Introduction
Business processes or workflows are often used to model enterprise or scientific applications [1], [2], [3], [4]. A workflow consists of multiple tasks with ordered execution, i.e., a task can only start execution after another task in the workflow has completed (the former task is called the latter’s child). Automating workflow executions on computer resources has received considerable research interest, which has led in part to BPEL being proposed as a standard for specifying and executing workflows [4]. However, many workflow scenarios still involve human activities and comprise a mixture of human tasks and computing tasks (which we term a hybrid workflow in this paper) [5], [6], [7], [8], [9]. For example, in IT-based video production workflows [9], human interactions are still required for decision making and artistic choices (e.g., video editing decisions). In mortgage business processes in banks [10], various human tasks (e.g., a manual approval step is required if the mortgage value exceeds some amount) could be involved in order to make the final decisions. Indeed, in many application domains, the completion of a task in a workflow relies on the subjective judgment of humans. It would be very difficult, if not impossible, to use computers to completely replace humans in such scenarios.
In traditional workflow management systems, human interactions in a workflow are not well supported, and therefore a workflow with human involvement can be regarded as a semi-automated workflow [11]. Motivated by the requirements of integrating human interactions into business processes, research exists to support human tasks in workflow contexts. WS-HumanTask and BPEL4People, which have been proposed to overcome the lack of support for human activities in BPEL [11], [10], are the exemplar products of these research efforts. WS-HumanTask and BPEL4People enable the integration of human tasks into business processes, and therefore the executions of the workflows containing human tasks can also be automated [11], [10].
Human involvement introduces authorization concerns, requiring restrictions on who is allowed to perform which tasks at what time. Research has been conducted to attach authorization information (such as roles and permissions) to activities, and to impose authorization constraints (such as separation of duty) on workflow executions [12], [13], [14], [15], [16], [17], [18]. For example, in BPEL4People, authorization concepts such as roles and permissions are defined, and various authorization constraints are supported, including cardinality constraints, separation of duty, binding of duty, etc. The authorization specified in BPEL4People can be categorized as Role-based Authorization Control (RBAC), under which users are assigned to certain roles, while the roles themselves are associated with prescribed permissions.
When we assess resource capacities, or evaluate the performance of workflow executions on supporting platforms, it is often assumed that when a task is allocated to a resource, the resource will accept the task and start the execution once a processor becomes available. However, when human activities and authorization constraints are taken into account, the issue can become complex. The following example illustrates such a situation.
A bank will need both human activities and computing-based activities to support its business. A workflow will typically contain both Human Tasks (HT) and Computing Tasks (CT): A human task may consist of a person (or a user in the RBAC terminology) with an official position (or a role in RBAC, e.g., a branch manager) signing a document; a computing task may involve running an application on a computing resource to assess risk for an investment. Further, the computing applications may be hosted in a central resource pool (e.g. a cluster), and the invocation of an application may be automated without human intervention, which we term an Automated Computing Task (ACT), or for security reasons, can only be initiated by a user with a certain role and be executed under that role/user, which we term a Human-aided Computing Task (HCT). The following authorization constraints are often encountered in such scenarios [17]: (1) Role constraints: A human task may only be performed by a particular role; a computing application may only be invoked by assuming a particular role; (2) Temporal constraints: A role or a user is only activated during certain time intervals (e.g., a staff member only works in morning hours); (3) Cardinality constraints: The maximum number of tasks (computing or other) running simultaneously under a role is ; (4) Separation of Duty constraints: If Task (HT or CT) is run by a role (or a user), then Task must not be run by the same role (or user); (5) Binding of Duty constraints: If Task is run by a role (or user), then Task must be run by the same role (or user); (6) role hierarchy constraints: if multiple roles are eligible and available to run a task, the task must only assume the role with the least privilege.
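The six constraint types listed above can be read as one authorization decision made each time a task becomes ready. The following Python sketch is an added example, not code from the paper (which models these constraints with Timed Color Petri-Nets); the policy structure, task, role and user names are constructed for illustration, and separation and binding of duty are assumed to apply at user level.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    task_roles: dict   # task -> roles allowed to run it (role constraint)
    role_users: dict   # role -> users assigned to the role
    role_hours: dict   # role -> (start, end) hours the role is active (temporal)
    role_rank: dict    # role -> privilege level, lower = less privileged (hierarchy)
    max_active: dict   # role -> max tasks running at once under it (cardinality)
    sod: set = field(default_factory=set)  # (t1, t2): t2 must not reuse t1's user
    bod: set = field(default_factory=set)  # (t1, t2): t2 must reuse t1's user

def authorize(policy, task, now, active, history):
    """Return the (role, user) that may start `task` at hour `now`, else None.

    active:  role -> number of tasks currently running under that role
    history: task -> user who ran it earlier in this workflow instance
    """
    banned = {history[a] for a, b in policy.sod if b == task and a in history}
    bound = {history[a] for a, b in policy.bod if b == task and a in history}
    # Role hierarchy: try eligible roles from least to most privileged.
    roles = sorted(policy.task_roles.get(task, ()),
                   key=lambda r: (policy.role_rank[r], r))
    for role in roles:
        start, end = policy.role_hours[role]
        if not start <= now < end:                           # temporal
            continue
        if active.get(role, 0) >= policy.max_active[role]:   # cardinality
            continue
        for user in sorted(policy.role_users[role]):
            if user in banned or (bound and user not in bound):
                continue                                     # SoD / BoD
            return role, user
    return None

def authorization_delay(policy, task, ready, active, history, horizon=24):
    """Hours a ready task waits for an authorized role/user (None if none by
    `horizon`). Simplification: `active` is held fixed while waiting."""
    for hour in range(ready, horizon):
        if authorize(policy, task, hour, active, history):
            return hour - ready
    return None

# Constructed sample policy for the bank scenario; all names are hypothetical.
SAMPLE = Policy(
    task_roles={"sign_loan": {"clerk", "manager"}, "assess_risk": {"clerk"},
                "approve_loan": {"manager"}},
    role_users={"clerk": {"alice", "bob"}, "manager": {"carol", "dave"}},
    role_hours={"clerk": (9, 17), "manager": (9, 12)},
    role_rank={"clerk": 0, "manager": 1},
    max_active={"clerk": 2, "manager": 1},
    sod={("sign_loan", "approve_loan")},
    bod={("sign_loan", "assess_risk")},
)
```

A `None` result from `authorize` is the case that matters for performance: the task is ready, but it waits until a role becomes active or a slot under the role frees up.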
In real-world applications, a more complex task may contain both human and computing activities. For example, a task may first require a person to handle the task, and then require a computing application to be invoked to compute additional data. Such a complex task can be regarded as the combination of an HT and an ACT/HCT. Therefore, in this paper, we assume that the time spent by a user handling an HCT is negligible.
It is common to find such authorization constraints and interaction between human and automated activities; our domains of interest include healthcare systems [19], the video management domain [9] and the manufacturing community [6], [20]. Human intervention and the associated authorization clearly affect the processing of tasks and impact both application-oriented performance (e.g. mean response time of workflows) and system-oriented performance (e.g. utilization of the computing resource pool). Obtaining these performance data is critical in capacity planning, designing authorization policies and developing workflow management strategies.
To date, little attention has been paid to investigating performance when running hybrid workflows under deployed authorization policies. The purpose of this paper is to model execution and authorization of hybrid workflows that are supported by cluster-based resource pools. Various types of authorization constraints are modeled in this paper, including role constraints, temporal constraints, cardinality constraints, Binding of Duty (BoD), Separation of Duty (SoD) constraints, and role hierarchy constraints. Workflow executions, as well as the interactions between workflow execution and authorization controls are also modeled in this paper. In this paper, the Timed Color Petri-Net (TCPN) formalism is applied to model workflow authorization and execution. Moreover, the modeling mechanism is developed in such a way that the model construction can be automated. This feature is very helpful in modeling a large collection of authorization policies or complex workflows.
The constructed models are then simulated and analyzed to obtain various performance metrics, including authorization overhead, system-oriented performance (e.g., utilization and throughput) and application-oriented performance (e.g., response time of workflows).
A high-level Petri-net tool, called the CPN Tools [21], [22], is utilized to implement and simulate the model. Based on the model simulations, methods are proposed to analyze the authorization overhead and the performance bottlenecks in the system. Further, we propose approaches to enhancing performance under the specified authorization constraints.
The work presented in this paper can be used for capacity planning, designing workload management strategies, or for estimating application performance in the presence of authorization policies. Since we can calculate from the models the overhead caused by the authorization constraints, this work also provides insight into how to tune performance by adjusting authorization policies so as to achieve a good balance between performance and security overheads.
Note that this paper investigates the executions of hybrid workflows (containing both computing tasks and human tasks) at an abstract level. Whether the execution of a hybrid workflow is semi-automated or automated is an implementation issue (depending on whether the workflow execution is programmed using BPEL4People or traditional workflow management methods), which does not affect the results obtained in this paper.
The remainder of this paper is organized as follows: Section 2 discusses related work; Section 3 introduces the Timed Color Petri-Net formalism applied in this paper; workflow authorization and execution are modeled in Section 4; model simulations and overhead analysis are discussed in Section 5. Section 5 also presents the approaches to reducing authorization overheads and improving performance. Section 6 presents the simulation results, and Section 7 concludes the paper.
Related work
Workflow management has been extensively studied and as a result is well documented in related literature [23], [1], [24], [3]. Much of this research is aimed at automating the execution, and enhancing the performance, of workflows in parallel and distributed systems [1],43. Some of this research has also utilized Petri-nets to model workflow execution. However, we note that their work does not formally investigate the performance of workflow execution under authorization constraints.
Research
Timed Color Petri-Nets
The formal definition of a Color Petri-Net (CPN) differs depending on the source literature [25], [35]. The CPN formalism applied in this paper is the same as that defined in [21], in which a CPN is defined as in Eq. (1). where:
- 1. is a finite set of places
- 2. is a finite set of transitions such that .
- 3. is a set of directed arcs.
- 4. is a finite set of non-empty color sets.
- 5. is a finite set of typed variables such that for all variables .
- 6. :
Models
Both human tasks and human-aided computing tasks require authorization before execution. In this section, we first model various types of authorization control using TCPNs. These include: (1) Role constraints; (2) Temporal constraints; (3) Role and user assignment; (4) Binding-of-duty constraints; (5) Separation-of-duty constraints; (6) Cardinality constraints; (7) Role hierarchy constraints. We then present how to automatically assemble individual authorization modules to form the
Model simulation and analysis
The modeling mechanism presented in this paper has been implemented using the CPN Tools [22]. The CPN Tools is a software platform that is able to construct and simulate the Petri-net models. This toolkit provides a flexible mechanism that allows users to monitor a set of tokens, places and/or transitions, and their runtime status can be automatically collected during model simulations. This functionality of the toolkit is utilized in this paper to analyze and evaluate a constructed Petri-net
Experimental studies
This section presents the simulation experiments to demonstrate the impact of the authorization constraints on the performance in terms of mean Response Time (RT) of workflows, Utilization of Computing Resources (UCR) and Utilization of Human Resources (UHR). The performance in terms of deadline miss rate and throughput is correlated with response time and utilization, respectively.
In the simulations presented in this paper, the workflows are randomly generated, each workflow containing TNUM
Conclusions
This paper models the authorization and execution of hybrid workflows consisting of human and computing tasks. The impact of authorization on workflow executions is analyzed. The Timed Color Petri Nets (TCPN) formalism is employed to construct the models. Various authorization constraints are modeled in this paper, including role, temporal, cardinality, separation of duty, binding of duty, and role hierarchy constraints. The model is constructed in a modular fashion so that the model
Acknowledgments
This work is supported by the Leverhulme Trust (grant number RPG-101), the National High-tech R&D Program of China (863 Program, Grant No. 2011AA01A203), the Key Program of National Natural Science Foundation of China (61133005), the National Natural Science Foundation of China (grant numbers: 61173166 and 60803130).
References (37)
- et al., Workflows and e-science: an overview of workflow system features and capabilities, Future Generation Computer Systems (2009)
- et al., Online scheduling of workflow applications in grid environments, Future Generation Computer Systems (2011)
- et al., Service CAD system to integrate product and human activity for total value, CIRP Journal of Manufacturing Science and Technology (2009)
- et al., CRBAC: imposing multi-grained constraints on the rbac model in the multi-application environment, Journal of Network and Computer Applications (2009)
- et al., Multi-view interaction modelling of human collaboration processes: a business process study of head and neck cancer care in a dutch academic hospital, Journal of Biomedical Informatics (2011)
- et al., Allocating non-real-time and soft real-time jobs in multiclusters, IEEE Transactions on Parallel and Distributed Systems (2006)
- Web services business process execution language version 2.0. http://docs.oasis-open.org/wsbpel/2.0/wsbpel-v2.0.pdf,...
- K. Gaaloul, A. Schaad, U. Flegel, F. Charoy, A secure task delegation model for workflows, in: The Second International...
- et al., Programming human and software-based web services, IEEE Computer (2010)
- Q. Zhao, X. Liu, D. Sun, T. Liu, Y. Li, Mashing-up rich user interfaces for human interaction in WS-BPEL, in: The 2010...
- Role-based authorization constraints specification, ACM Transactions on Information and System Security
- Access control and authorization constraints for ws-bpel, International Conference on Web Services
- On the modeling and verification of security-aware and process-aware information systems, Business Process Management Workshops
- A generalized temporal role-based access control model, IEEE Transactions on Knowledge and Data Engineering
- Using colored petri nets to model and analyze workflow with separation of duty constraints, International Journal of Advanced Manufacturing Technology
Ligang He is an Associate Professor in the Department of Computer Science at the University of Warwick. He studied for the Ph.D. degree in Computer Science at the University of Warwick, UK, from 2002 to 2005, and then worked as a post-doctor in the University of Cambridge, UK. In 2006, he joined the Department of Computer Science at the University of Warwick as an Assistant Professor. His research interests focus on parallel and distributed processing, Cluster, Grid and Cloud computing. He has published more than 40 papers in international conferences and journals, such as IEEE Transactions on Parallel and Distributed Systems, IPDPS, Cluster, CCGrid, MASCOTS. He has been a member of the program committee for many international conferences, and has been the reviewer for a number of international journals, including IEEE Transactions on Parallel and Distributed Systems, IEEE Transactions on Computers, IEEE Transactions on Automation Science and Engineering, etc. He is a member of the IEEE.
Chenlin Huang is an Associate Professor in the School of Computer Science at the National University of Defense Technology, China. His research areas are operating systems, security and high performance computing.
Kewei Duan is currently a Ph.D. student in the Department of Computer Science at the University of Bath, UK. His research interests are in performance modeling and evaluations and service computing.
Kenli Li is a Professor in the School of Computer and Communication at the Hunan University, China. He received his Ph.D. Degree in Computer Science from Huazhong University of Science and Technology, China in 2003. His research interests are parallel and distributed computing, real-time and embedded systems.
Hao Chen is an Associate Professor in the School of Computer and Communication at the Hunan University, China. He received the Ph.D. Degree in Computer Science from Huazhong University of Science and Technology, China in 2005. His research interests include virtual machines, operating systems, distributed and parallel computing and security. He is a member of the IEEE.
Jianhua Sun is an Associate Professor in the School of Computer and Communication at the Hunan University, China. She received the Ph.D. Degree in Computer Science from Huazhong University of Science and Technology, China in 2005. Her research interests are in security and operating systems.
Stephen A. Jarvis is Professor of High Performance and Distributed Computing at the University of Warwick and is co-organiser for one of the UK’s High End Scientific Computing Training Centres. He has authored more than 130 refereed publications (including three books) and has been a member of more than 50 programme committees for IEEE/ACM international conferences and workshops since 2003, including: IPDPS, HPDC, CCGrid, SC, MASCOTS, DSN, ICPP. He is a former member of the University of Oxford Computing Laboratory, and in 2009 was awarded a prestigious Royal Society Industry Fellowship in support of his industry-focused work on high-performance computing.
☆ The preliminary version of this paper was presented in the 8th IEEE Intl. Conf. on Services Computing (SCC’11), 2011.