
SECURITY FOR WORKFLOW SYSTEMS

Introduction
• Workflow technology is often employed by organizations to automate their day-to-day business processes.
• The primary advantage of adopting workflow technology is that it separates business policy from the business applications, which improves the flexibility and maintainability of business process reengineering.
• Today's workflows are not necessarily bound to a single organization, but may span multiple organizations, with the tasks within a workflow executed by different organizations.
• To execute a workflow securely and correctly, one must ensure that only authorized users can gain access to the tasks of the workflow and the resources they manage. This can be accomplished by synchronizing access control with the control-flow dependencies specified among the tasks.
Security Requirements in Workflow Systems:
• A number of security measures need to be taken into account while building a secure workflow system. These include:
• Confidentiality: Refers to protection against unauthorized disclosure of information, including the workflow specification and the workflow instances during their execution.
• Integrity: Refers to protection against unauthorized modification of information, again including the workflow specification as well as the data manipulated during the execution of a workflow instance.
• Availability: Refers to making the data and resources available to the agents responsible for executing the tasks in a workflow.
• Authentication: Refers to reliably verifying the identity of the task execution agents.

01/03/2022
Contd..

• Authorization: Refers to enforcing access control to ensure confidentiality and integrity.
• Audit: Refers to recording who performed which actions at what time within the workflow, so that the record can later be analyzed to detect suspicious behavior and misuse of authority.
• Anonymity: Refers to keeping agents anonymous from the other agents executing the workflow. This may be needed especially when agents with a conflict of interest execute different tasks within a workflow.
• Separation of duties: Additional constraints associated with the workflow to reduce the risk of fraud, for example requiring that the agent who approves a transaction is not the one who releases its payment.
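The following is an added example, not code from the slides, showing how the requirements above fit together in one small authorization check: a task may only be executed by an agent holding its role, only once its control-flow predecessors have completed (the synchronization of access control with control flow described in the introduction), and only if no separation-of-duties constraint is violated, with every decision written to an audit trail. The purchase-order workflow, roles, and agent names are constructed for illustration.

```python
# Added example (not from the slides): task-level authorization that is
# synchronized with the workflow's control-flow dependencies, plus a
# separation-of-duties constraint and an audit trail. The workflow, roles,
# and agent names are constructed for illustration.
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class WorkflowSpec:
    deps: dict   # task -> set of tasks that must complete before it is enabled
    roles: dict  # task -> role permitted to execute it
    sod: set     # pairs of tasks that must not be executed by the same agent


@dataclass
class WorkflowInstance:
    spec: WorkflowSpec
    completed: dict = field(default_factory=dict)  # task -> agent who executed it
    audit: list = field(default_factory=list)      # (time, agent, task, decision, reason)

    def enabled(self, task):
        """A task is enabled only when every control-flow predecessor has completed."""
        return all(p in self.completed for p in self.spec.deps[task])

    def authorize(self, agent, agent_roles, task):
        """Grant access only if the agent holds the task's role, the task is
        currently enabled by the control flow, and no SoD constraint is violated."""
        if task not in self.spec.deps:
            return False, "unknown task"
        if self.spec.roles[task] not in agent_roles:
            return False, "role not permitted"
        if task in self.completed:
            return False, "task already completed"
        if not self.enabled(task):
            return False, "task not yet enabled by control flow"
        for a, b in self.spec.sod:
            other = b if task == a else a if task == b else None
            if other is not None and self.completed.get(other) == agent:
                return False, "separation of duties violated"
        return True, "ok"

    def execute(self, agent, agent_roles, task):
        """Apply the decision, record it in the audit trail, and return it."""
        ok, reason = self.authorize(agent, agent_roles, task)
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append((stamp, agent, task, "granted" if ok else "denied", reason))
        if ok:
            self.completed[task] = agent
        return ok


def purchase_order_demo():
    """Constructed three-task purchase-order workflow: prepare -> approve -> pay."""
    spec = WorkflowSpec(
        deps={"prepare": set(), "approve": {"prepare"}, "pay": {"approve"}},
        roles={"prepare": "clerk", "approve": "manager", "pay": "accountant"},
        sod={("approve", "pay")},   # the approver must not also release payment
    )
    inst = WorkflowInstance(spec)
    inst.execute("bob", {"manager", "accountant"}, "approve")  # denied: nothing to approve yet
    inst.execute("alice", {"clerk"}, "prepare")                # granted
    inst.execute("alice", {"clerk"}, "approve")                # denied: wrong role
    inst.execute("bob", {"manager", "accountant"}, "approve")  # granted
    inst.execute("bob", {"manager", "accountant"}, "pay")      # denied: SoD
    inst.execute("carol", {"accountant"}, "pay")               # granted
    return inst


if __name__ == "__main__":
    for entry in purchase_order_demo().audit:
        print(*entry)
```

Note that a role check alone would have let bob approve before anything was prepared, and would have let him pay after approving; the control-flow and separation-of-duties checks are what close those gaps, and the audit list records the denied attempts as well as the granted ones.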

Introduction to Workflow Management Systems (WfMSs)
• Software systems that support coordination and cooperation among members of an organization while they perform complex business tasks.
• Business tasks are modeled as workflow processes that are automated by the WfMS.
  - An activity is a logical step within a workflow, which includes information about its starting and stopping conditions.
  - A person who participates in the execution of an activity is called a participant of that activity.
  - A workflow process instance represents a state of execution of a workflow process definition by the WfMS, and is usually controlled by the workflow engine.
Types of Engine-Based WfMSs
• Centralized WfMS - Focuses on executing workflow processes within a single organization, at one location, in a single workflow engine.
• Distributed WfMS - Establishes multiple workflow engines in order to:
  - Balance the load among the workflow engines as the number of users increases.
  - Reduce the communication time between the participants in an activity and the workflow engines.

Centralized Workflow Management System
• A workflow process is executed by a single workflow engine that communicates with all of the participants in the activity.

Distributed WfMS
• Multiple workflow engines in different places.
• Can be used to build a cross-enterprise WfMS that controls the execution of cross-enterprise workflow processes.

Problems and Difficulties for Engine-based WfMS in the Cloud
• Security
  - Authentication - Refers to reliably verifying the identity of the task execution agents.
  - Confidentiality - Refers to protection against unauthorized disclosure of information, including the workflow specification and the workflow instances during their execution.
  - Data integrity - Refers to protection against unauthorized modification of information, again including the workflow specification as well as the data manipulated during the execution of a workflow instance.
  - Nonrepudiation - Refers to a state of affairs in which the purported maker of a statement cannot successfully challenge the validity of the statement or contract.

Problems and Difficulties for Engine-based WfMS in the Cloud (Cont'd)
• Scalability
  - Reasons for a scalable WfMS in the Cloud:
    - Participants are dynamic.
    - Multi-tenancy WfMS requirement.
  - How to store a huge number of process instances?
    - Traditional way - Store and manage process instances in a relational database.
    - What is the appropriate form of process instances?
• Cross-Enterprise
  - Only possible once the security and scalability problems are solved.
  - The process instances should guarantee nonrepudiation.
  - An SLA alone seems not enough.
• Other
  - Secured process instance migration - User-controlled migration.
  - Process instance replication in different clouds - User-controlled replication.

Solution: Document Routing Architecture for WfMS (DRA4WfMS)
• Engine-less WfMS - Supports a purely distributed operational model without needing a workflow engine to act as a trusted centralized point of coordination.
• XML (eXtensible Markup Language)-based document-routing system.
• Security framework - Implements the main required security features, namely authentication, confidentiality, data integrity, and nonrepudiation, by applying element-wise encryption and a cascade-based method to embed digital signatures.
• Dynamic security policy - Manages and controls data accesses according to the dynamic behavior of workflow processes.

Operational Models of DRA4WfMS
• Basic operational model
  - Supports only authentication, confidentiality, data integrity, and nonrepudiation.
• Advanced operational model
  - Also supports workflow monitoring.

Security Tools
• SAST: Static application security testing tools passively analyze an application's source code or binary code for well-known categories of vulnerabilities.
• DAST: Dynamic application security testing tools assist a human tester with probing and analyzing a running application, looking for behaviors that indicate potential vulnerabilities.

Contd..

• RASP: Runtime application self-protection tools are embedded into a running application so the application can monitor itself and prevent attacks in real time.
• SCA: Software composition analysis tools help to identify third-party software components that may contain vulnerabilities. Vulnerabilities can be introduced all along the software supply chain, and SCA tools help you assess and monitor your component catalogue.

• Patching -- fixing vulnerable code -- is also crucial. There is no such thing as a perfectly secure application, and vulnerabilities are inevitable. When new vulnerabilities are discovered, you should proactively remediate them and patch as quickly as possible.

