
Specifying Selected Security Features of Inter-Organizational Workflows

Boleslaw Mikolajczak¹ and Sachin Joshi²

¹,² Computer and Information Science Department, University of Massachusetts Dartmouth, Dartmouth, MA, USA
¹ Polish-Japanese School of Information Technology, Warsaw, Poland
bmikolajczak@umassd.edu

Abstract - Workflow security introduces a shift from the traditional subject-object-rights focus of databases to a transaction-oriented one. Inter-organizational workflow provides a solution for data sharing and work coordination at a global level. A secure computing infrastructure is needed to support their missions. Security features are incorporated for each participating organization as well as for the overall inter-organizational workflow. Security features such as authentication and non-repudiation are incorporated in models of inter-organizational workflows. Petri nets are used for incremental specification of inter-organizational workflows with security features.

1. Security of Workflow Systems

E-commerce includes consumer and business-to-business transactions. It is interesting to consider workflows distributed over a number of organizations. Inter-organizational workflows (IOWF) offer companies the opportunity to re-shape business processes beyond the boundaries of individual organizations. In an inter-organizational workflow several business partners are involved in a shared workflow process. Each partner has a local workflow process. These local workflow processes need to communicate.

One of the problems with workflow management systems is that they use heterogeneous and distributed hardware and software systems to execute a given workflow. This gives rise to decentralized security policies. The workflow management system has to execute the workflows in a secure way. A number of security measures [1] need to be taken into account while building a secure workflow system. These include:
- Integrity: refers to protection against unauthorized modification of information, including the workflow specification
- Authentication: refers to verifying the identity of the task execution agents
- Authorization: refers to enforcing access control to ensure confidentiality and integrity
- Separation of duties: requires that no single individual be allowed to execute all transactions.

In this paper we consider specification of authentication and non-repudiation.

2. Inter-organizational Workflow of Online Computer Shopping System

In order to implement security features in an IOWF we adopted an incremental approach. An online computer shopping system is considered. Workflow models are created for each participating organization using Petri nets. A Message Sequence Chart (MSC) is used for specifying messages and the ordering of events. The IOWF model is formed using the MSC and the workflows of the participating organizations. Security features are incrementally added to the IOWF.

Consider an Online Shopping Computer Store with credit card as the payment method and UPS as the delivery company. A customer makes an order of a computer. Then Dell checks the customer's credit and checks availability of the computer's components. Dell will send an acknowledgement to the customer. If the checks of the credit card and of the availability of computer components are positive, then Dell's factory will start to build the computer and Dell will arrange shipment with UPS and will pay the shipping fee to UPS. UPS will deliver the computer to the customer. As the customer already knows that his computer would arrive, he will sign the paperwork, and UPS will inform Dell that the computer has been delivered to the customer. Dell charges the customer on his credit card account. The customer becomes a former customer.

3. Specification of Online Computer Shopping System

The Online Computer Shopping System involves participation of four organizations: Customer, Dell, Customer's Credit Bank and UPS. Fig. 1 presents the system. The Customer's workflow starts with a token

Proceedings of the 2005 International Conference on Computational Intelligence for Modelling, Control and Automation, and International Conference on Intelligent Agents, Web Technologies and Internet Commerce (CIMCA-IAWTIC'05)
0-7695-2504-0/05 $20.00 © 2005 IEEE
in place Prospective Customer. He selects a product and places an order by transition Send Order. Customer waits for acknowledgement of product availability and credit check success by place Customer waiting for acknowledgement. Customer receives an acknowledgement by Receive Acknowledgement transition. Customer waits for the product by place Customer waiting for product. As Customer receives the product (Customer with product), he signs the receipt and returns it to UPS by transition Sign Receipt. After receiving the product Customer waits for the receipt with credit card charges (Customer waiting for receipt). After receiving the receipt (Receive Receipt) Customer's workflow ends in Customer's workflow ended.

Dell's workflow starts with a token in place Dell. After receiving the order (Receive Order) Dell becomes ready for checking the availability of the product (Order waiting to be checked for availability) and the credit check of the customer (Order waiting to be sent for credit verification). Dell checks the availability of the product (Check Availability) and sends the credit details to Customer's Credit Bank (Send Card Details). Dell starts processing the order (transition Start Processing) by having the acknowledgement ready to be sent (Acknowledgement ready to be sent) and the product ready to be built (Product ready to be built). Dell sends the acknowledgement to the customer (Send Acknowledgement) and builds the product (Build Product). As the product is built, it is ready to be shipped (Product ready for shipping). Dell arranges shipping (Arrange Shipping) and pays the shipping fees to UPS. Dell then waits for the notification from UPS (Dell waiting for notification) that the product is delivered to the customer. After receiving the notification (Receive Notification), Dell charges the Customer (transition Charge Customer). As Dell receives the acknowledgement (Receive Acknowledgement) from UPS it sends the receipt with charges to the Customer (Send Receipt). Dell's workflow ends after sending the receipt to the Customer as shown by place Dell's workflow ended.

Customer's Credit Bank's workflow starts with a token in Customer's Credit Bank. It starts processing the Customer's credit check request (Process Request) as soon as it gets the Customer's information from Dell (Receive Customer's information). As it has the credit result ready (Credit result ready to be sent), UPS sends the credit result to Dell as shown by Send Details. Customer's Credit Bank then waits for transition request from Dell (Waiting for Transaction Request). Customer's Credit Bank then processes the request (Process Request) and sends the acknowledgement to Dell (Send acknowledgement to Dell). Customer's Credit Bank's workflow ends with Customer's Credit Bank's Workflow ended.

UPS's workflow starts with a token in place UPS. As soon as UPS receives the shipping order and payment from Dell (Receive Product and Payment), it becomes ready to deliver the product to the Customer (Product ready for delivery). UPS delivers the product to the Customer (Deliver product) and waits for the signed receipt from the Customer (Waiting for Receipt). UPS sends a successful delivery notification to Dell (Notify Dell) after receiving the signed receipt from the Customer (Receive Receipt). UPS's workflow ends with UPS's Workflow Ended.

4. Specification of Security Features

The Online Computer Shopping System consists of four workflows: Customer, Dell, Customer's Credit Bank and UPS. In order to determine the soundness property of a given workflow net, an extended net is used. The soundness [4] of this extended net is verified using the Woflan tool. The IOWF is 1-consistent [3] with respect to the Message Sequence Chart, as the message names used in the Message Sequence Chart are the same as the names of the communication links between the workflows and the order of execution of tasks in the IOWF is the same as that in the Message Sequence Chart.

4.1. Specifying Authentication

One of the key issues in e-business security is legitimate use. Legitimate use has two components: authentication and identification. Identification involves a process of a user positively identifying himself/herself to the host (server) that it wishes to conduct a transition with. The most common method for establishing identity is by means of username and password. The response to identification is authentication. Authentication is the process of verifying the identity of a user, process, or device, as a prerequisite to allowing access to resources in a system [1, 2]. The identity of a certain user or process is challenged by the system and proper steps must be taken to prove the claimed identity. Authentication needs to work both ways: for users to authenticate the server they are contacting, and for servers to identify their clients. Authentication requires the entity that presents its identity to confirm it either with something the client knows (e.g. password or PIN) or something the client has (e.g. a Username). Authentication can be implemented in the online shopping system by providing users of each workflow with a username and password so that only authorized user(s) can access the workflow. It is assumed that each of the workflows in

IOWF has different users; as a result each workflow has separate verification of username and password. Fig. 2 shows the Petri net implementation to the IOWF. The soundness of this authorization is verified using Woflan [4]. In order to incorporate authorization, places Username & Password are added to the workflow of each participating organization. As the user of the workflow enters Username & Password, it is verified by checking the username and password in the database of each organization.

4.2. Specifying Non-Repudiation

Non-repudiation is a stronger variation of authentication that allows the sender's identity to be verified by a third party, and is used to prove that a message was not forged. This also means that the sender cannot deny he sent a particular message. Non-repudiation is the ability of an originator or recipient of a transaction to prove to a third party that their counterpart did in fact take the action. Thus the sender of a message should be able to prove to a third party that the intended recipient got the message, and the recipient should be able to prove to a third party that the originator did actually send the message.

Non-repudiation can be implemented by requiring each organization to send a Receive acknowledgement. A digital signature can be used not only to ensure that a message or document has been electronically signed by the person but also to ensure that a person cannot later deny that they furnished the signature. Incorporation of non-repudiation in the Online Shopping System is shown in Fig. 3. Soundness of the non-repudiation is verified using Woflan. As the customer is ready to place an order, he attaches a digital signature to the order as shown by transition Prepare Order with Digital Signature. As Dell receives the order, it sends the acknowledgement to the Customer (place Order Received Acknowledgement). Dell then adds a digital signature to the Customer's credit before sending it to Customer's Credit Bank (transition Add Digital Signature). Customer's Credit Bank sends Receive Acknowledgement to Dell (place Customer Info. Received Ackno). It then adds a digital signature to the credit result after (transition Add Digital Signature). As Dell receives the credit result it sends an acknowledgement to Customer's Credit Bank (place Credit Result Received Ack). Dell then sends the acknowledgement of product availability and credit check success with a digital signature to the Customer (transition Send Acknowledgement with digital sign). Customer sends Received Acknowledgement to Dell (place Receive Ack. from Customer). Dell adds a digital signature before arranging the shipping (transition Add Digital Signature). UPS sends Receive Acknowledgement to Dell (place Product Received) and delivers the product to the Customer. Customer signs the receipt and returns it to UPS (transition Send Receipt). UPS then sends the Delivery Notification to Dell with an added digital signature (transition Notify Dell with Digital Signature). Dell sends notification Received Acknowledgement to UPS (place Notification Received Ack.) and charge details with a digital signature to Customer's Credit Bank (transition Charge Customer & Add Signature). Customer's Credit Bank sends the acknowledgement to Dell (place Acknowledgement). Dell sends the received receipt to Customer's Credit Bank (place Ack.Received Receipt). Finally, the Customer sends Receive Acknowledgement to Dell (place Receipt Received Ack).

5. Conclusions

Inter-organizational workflows and selected features related to their security were studied. An incremental method of representing security features has been presented with the Online Computer Shopping System. The IOWF without security features has been specified using Petri nets. The security features are incrementally added. As a result we achieve a new Petri net model that incorporates security features of interest such as authentication, data integrity, and non-repudiation. This upgraded Petri net model can be subjected to incremental verification and validation techniques. Future work will aim at using colored Petri nets for representation of IOWFs. Moreover, multilevel security can also be incorporated in IOWF.

6. References

[1] Atluri V., Security for Workflow Systems, Vol. 6, No. 2, 2001, Elsevier Science, pp. 59-68.

[2] B. Mikolajczak, S. Joshi. Modeling of Information Systems Security Features with Colored Petri nets. IEEE SMC 2004 Int. Conference, Oct. 2004, The Netherlands.

[3] van der Aalst W.M.P. Loosely Coupled Inter-organizational Workflows: Modeling and Analyzing Workflows Crossing Organizational Boundaries. Information and Management, 37(2):67-75, 2000.

[4] van der Aalst W.M.P., Verbeek H.M.W., Kumar A., XRL/Woflan: Verification of an XML/Petri-net based language for inter-organizational workflow, in: Proc. of the 6th Conference on Information Systems and Technology, CIST-2001, pp. 30-45.

Fig. 1 IOWF of the Online Computer Shopping System

Fig. 2 Online Computer Shopping System IOWF with Implemented Authorization
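
An added example (not from the paper, and not Woflan): a small Python state-space check of the Customer workflow with the Username & Password place of Section 4.1, testing the three classical soundness conditions from a given initial marking. The names Verify Login, Authenticated and Receive Product are assumptions, and messages from Dell and UPS are abstracted away.

```python
from collections import Counter, deque

# Constructed model of the Customer workflow (Sections 3, 4.1); "Verify Login",
# "Authenticated" and "Receive Product" are assumed names, not taken from Fig. 2.
NET = {  # transition: (input places, output places)
    "Verify Login": ({"Prospective Customer", "Username & Password"}, {"Authenticated"}),
    "Send Order": ({"Authenticated"}, {"Customer waiting for acknowledgement"}),
    "Receive Acknowledgement": ({"Customer waiting for acknowledgement"}, {"Customer waiting for product"}),
    "Receive Product": ({"Customer waiting for product"}, {"Customer with product"}),
    "Sign Receipt": ({"Customer with product"}, {"Customer waiting for receipt"}),
    "Receive Receipt": ({"Customer waiting for receipt"}, {"Customer's workflow ended"}),
}
END = "Customer's workflow ended"

def marking(*places):
    return frozenset((p, 1) for p in places)  # one token in each named place

def fire(m, t, net=NET):
    """Return the marking after firing t, or None if t is not enabled in m."""
    ins, outs = net[t]
    tokens = Counter(dict(m))
    if any(tokens[p] < 1 for p in ins):
        return None
    tokens.subtract(ins)   # consume one token per input place
    tokens.update(outs)    # produce one token per output place
    return frozenset((p, n) for p, n in tokens.items() if n)

def check_soundness(start, net=NET, end=END):
    """Explore every reachable marking (bounded nets only) and test soundness."""
    graph, todo = {}, deque([start])
    while todo:
        m = todo.popleft()
        if m not in graph:
            graph[m] = {t: n for t in net if (n := fire(m, t, net)) is not None}
            todo.extend(graph[m].values())
    final = marking(end)
    can_finish, grew = ({final} if final in graph else set()), True
    while grew:  # backward closure: markings from which `final` is reachable
        new = {m for m, s in graph.items() if m not in can_finish and can_finish & set(s.values())}
        can_finish |= new
        grew = bool(new)
    return {
        "option_to_complete": can_finish == set(graph),
        "proper_completion": all(m == final for m in graph if dict(m).get(end)),
        "dead_transitions": sorted(set(net) - {t for s in graph.values() for t in s}),
    }

WITH_LOGIN = check_soundness(marking("Prospective Customer", "Username & Password"))
NO_LOGIN = check_soundness(marking("Prospective Customer"))
```

With a token in Username & Password the net is sound; without it, Verify Login never becomes enabled, so every transition is dead and the workflow cannot complete.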

Fig. 3 Online Computer Shopping System IOWF with Implemented Non-Repudiation
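
An added example (not from the paper): the first signed message and its acknowledgement from Section 4.2, with a third party deciding from public keys and stored evidence only. The paper names no signature algorithm; a Lamport one-time signature over SHA-256 is substituted here because it needs only the standard library, and the message formats and function names are assumptions.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: 256 secret pairs; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    digest = int.from_bytes(H(msg), "big")
    return [(digest >> i) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret of each pair, chosen by the message digest bit.
    # A Lamport key must sign exactly one message.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for (i, b), s in zip(enumerate(bits(msg)), sig))

def ack_message(order):
    # Assumed format: the acknowledgement binds to the hash of the order it answers.
    return b"Order Received Acknowledgement:" + H(order)

def arbiter(order, order_sig, ack_sig, customer_pk, dell_pk):
    """Third party: needs only the public keys and the evidence each side kept."""
    return {
        "customer_sent_order": verify(customer_pk, order, order_sig),
        "dell_received_order": verify(dell_pk, ack_message(order), ack_sig),
    }

def demo():
    cust_sk, cust_pk = keygen()
    dell_sk, dell_pk = keygen()
    order = b"order CONSTRUCTED-0001: 1 computer, paid by credit card"  # constructed sample
    order_sig = sign(cust_sk, order)            # Prepare Order with Digital Signature
    assert verify(cust_pk, order, order_sig)    # Dell checks before acknowledging
    ack_sig = sign(dell_sk, ack_message(order))  # Order Received Acknowledgement
    honest = arbiter(order, order_sig, ack_sig, cust_pk, dell_pk)
    altered = order.replace(b"1 computer", b"9 computer")
    forged = arbiter(altered, order_sig, ack_sig, cust_pk, dell_pk)
    return honest, forged
```

The customer's signature lets Dell prove the order was sent, and Dell's signed acknowledgement lets the customer prove it was received; neither proof survives a change to the order text.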
