Modularity for Security-Sensitive Workflows
Daniel Ricardo dos Santos, Silvio Ranise, Serena Elisa Ponta

TL;DR
This paper introduces a modular approach to security-sensitive workflows, enabling component-based design, authorization constraint enforcement, and improved scalability and reusability of security mechanisms in business processes.
Contribution
It defines a new notion of components and combination mechanisms tailored for security-sensitive workflows, facilitating pattern simulation, authorization constraints, and reusability.
Findings
Workflow patterns can be simulated with the new combination mechanism.
Authorization constraints can be effectively imposed across components.
The approach improves scalability of runtime monitor synthesis and supports workflow reuse.
Abstract
An established trend in software engineering insists on using components (sometimes also called services or packages) to encapsulate a set of related functionalities or data. By defining interfaces specifying what functionalities they provide or use, components can be combined with others to form more complex components. In this way, IT systems can be designed by mostly re-using existing components and developing new ones to provide new functionalities. In this paper, we introduce a notion of component and a combination mechanism for an important class of software artifacts, called security-sensitive workflows. These are business processes in which execution constraints on the tasks are complemented with authorization constraints (e.g., Separation of Duty) and authorization policies (constraining which users can execute which tasks). We show how well-known workflow execution patterns…
Taxonomy
Topics: Business Process Modeling and Analysis · Service-Oriented Architecture and Web Services · Scientific Computing and Data Management
