Web-Oriented Workflow Security Framework

A workflow is a coordinated arrangement of related tasks in an automated process, the systematic execution of which, ultimately achieves some goal. Workflow management systems (WfMSs) are becoming very popular and are being used to support many of the workflows in large organizations.Workflow management systems are used for critical and strategic applications. Security services for workflow systems are becoming increasingly important for cross-domain interoperability in insecure environments. However, the important topic of providing security and integrity in workflow management has been treated at less detail so far, when workflow management are becoming an important topic in the research community, which has limited the development of applying of workflow technique. So with a solution for security problem, workflow systems can be used in a broader range of enterprise applications.The whole spectrum of security services in workflow includes authentication, authorization, access control, data confidentiality and integrity, audit, non-repudiation, and administration. In this thesis, we proposed a Web-oriented workflow security framework (WOWfSF) as a solution for issues of authorization and access control in workflow management system, which consists of three parts: multiple layers organized object resources model, constraints model and workflow access control model, the core of WOWfSF. Multiple layers organized object resources model was designed to describe Web resources in fine granularity and constraints model was for simplifying the complexity of security policies in a defined way. They were the foundations of WfAC model.Security, in a workflow context, involves the implementation of access control security mechanisms to ensure that tasks are performed by authorized subjects only. WfAC model presented by the thesis was capable of specifying authorization in such a way that subjects gain access to required objects only during the execution of the task and supporting the security rule of Dynamic Separation of Duties (DSoD). The WfAC model was designed by extending Task-based Access Control (TBAC) model in the way of replacing the trustee-set by roles-set which is the conception of Role-based Access Control (RBAC) model, so the WfAC model combined the advantages of the two access control models to realize security in WfMSs.The thesis addressed an implementation of WOWfSF model in a workflow management system, which has proved that it is an effective solution for security issues in WfMSs.