Secure workflow model

Workflow Management Systems (WFMSs) are becoming very popular and are being used to support many of the day to day workflows in large organizations. One of the major problems with workflow management systems is that they often use heterogeneous and distributed hardware and software systems to execute a given workflow. This gives rise to decentralized security policies and mechanisms that need to be managed. Since security is an essential and integral part of workflows, the workflow management system has to manage and execute the workflows in a secure way. In this thesis, we present different important concepts for a secure workflow model. We develop a task-based document access model by Temporal Access Control (TAC) in order to support the flow of document access in a task execution. Further, we describe a secure workflow model by a multi-layered state machine to support the flow of authorizations. It is possible that workflow management systems may assign too many privileges (for accessing resources like documents) to the agents executing the workflow without the mechanism to evaluate the risk of privileges being assigned or manage the status of privileges after assignment. We develop the least privilege concept and Security Risk Factor (SRF) to manage the assignment of privileges to agents executing the workflow. Further, we address the trade-off between resilience to agent failure and least privilege concept. We illustrate the security concepts developed in this thesis on a research prototype workflow management system CapBasED-AMS (Capability-based and Event-driven Activity Management System) and a commercial workflow management system IBM MQSeries Workflow. Finally, we develop the concept of card agent for supporting the least privilege concept.