The Research And Implementation Of Architecture On Secure Workflow Management System

Workflow enhances the processing performance and efficiencyprominently through the business process in computerized automation organization, inwhole or in part. All the information in workflow transferred via the distributedenvironment or internet, so it suffered greatly from harmful attack. However, the studyof security in WfMS lags behind the study of WfMS. Therefore, it is very significantto study the security in WfMS.This paper focuses on the study of security in workflow management system.First of all, the paper introduces relevant concept of workflow technology and analysesthe Workflow Management Coalition(WfMC)'s workflow reference model. Bystudying and analyzing the several traditional workflow access control models, thepaper summarizes the disadvantages of the traditional workflow patterns, then putsforward an expanded task-role-based access control model(ETRBAC). Compared withthe other access control models, this model possess of extraordinary efficiency andexceptional security, which proposes some new strategies of user-oriented taskassignment which effectively solved the question of user-oriented separation of dutiesand user-oriented business task. Considering the lacks of security constraints onworkflow management system, and combining with the ETRABC access controlmodel, the paper advances an improved secure workflow management systemarchitecture via the method of manifold technology integration.Secondly, the paper introduces the system architecture, system configuration andcompilation environment of Enhydra Shark. Thus it provides the technologicalfoundation for the use of Shark's reconstruction. Shark system comes forth as popularworkflow management system software, for as much as its plenty of predominance, forinstance, Shark's open source codes, normal modularization design and normalinterfaces which can be improved conveniently.Thirdly, considering the poor security mechanism in workflow managementsystem and with our good practical experiences, the paper implements a higher security workflow management system. The secure workflow managementsystem(called S-Shark) is designed based on Shark system. S-Shark, in which Shark'sworkflow engines are mostly kept, in addition, S-Shark implements user-orientedcardinality constraints, user-oriented separation of duties, time constraints anduser-oriented task assignment. The S-Shark workflow management system wedesigned and implemented has high security, high expansibility, convenient usage, etc.S-Shark system provides interface of constrains definition, which offers the definitionof conflict users, user cardinality constraints and synchronous time. By expanding thesecurity mechanism, the system security administrator can supervise processessecurely, so S-Shark can be the high secure information exchange platform ofworkflow system.Finally, the author summarizes the research work of the paper, points out thedisadvantages of the S-Shark system and the research of future work, then gives outsome advice for further work.