delegation and satisfiability in workflow systems
play

Delegation and Satisfiability in Workflow Systems Jason Crampton - PowerPoint PPT Presentation

Oct 23, 2022 •182 likes •547 views

Delegation and Satisfiability in Workflow Systems Jason Crampton Hemanth Khambhammettu Information Security Group Royal Holloway, University of London SACMAT 2008 One-Page Overview Satisfiability is an important consideration in workflow

  1. Delegation and Satisfiability in Workflow Systems Jason Crampton Hemanth Khambhammettu Information Security Group Royal Holloway, University of London SACMAT 2008

  2. One-Page Overview Satisfiability is an important consideration in workflow management systems (WfMSs) ◮ Given an authorization policy and a set of constraints, does there exist a set of authorized users that can complete the workflow? Delegation is of increasing interest in workflow systems ◮ Delegation can increase flexibility in the workplace ◮ A successful delegation changes authorization information

  3. One-Page Overview Satisfiability is an important consideration in workflow management systems (WfMSs) ◮ Given an authorization policy and a set of constraints, does there exist a set of authorized users that can complete the workflow? Delegation is of increasing interest in workflow systems ◮ Delegation can increase flexibility in the workplace ◮ A successful delegation changes authorization information How does delegation affect workflow satisfiability?

  5. Constrained Workflows A constrained workflow authorization schema W = (T , A , C) comprises ◮ a set of (abstract) tasks T ◮ authorization information A ⊆ U × T associates users with tasks (for which they are authorized) ◮ a set of constraints C specifies constraints on the execution of tasks by authorized users

  6. Constrained Workflows A constrained workflow authorization schema W = (T , A , C) comprises ◮ a set of (abstract) tasks T ◮ authorization information A ⊆ U × T associates users with tasks (for which they are authorized) ◮ a set of constraints C specifies constraints on the execution of tasks by authorized users An instance of W is created and managed by the WfMS and comprises ◮ a set of (concrete) tasks ◮ tasks are performed by authorized users that satisfy constraints

  7. Workflow Satisfiability An execution assignment is an assignment of concrete tasks to authorized users ◮ A valid execution assignment is an assignment of all tasks to authorized users, such that no constraint is violated ◮ A workflow schema W is satisfiable if there exists a valid execution assignment for W ◮ A workflow instance is satisfiable if all pending tasks can be assigned to authorized users such that no constraint is violated

  8. Complexity Determining whether a schema is satisfiable is an NP-complete problem in general (Wang and Li, ESORICS 2007). . . ◮ Checking whether an execution assignment is valid can be performed in polynomial time ◮ The number of execution assignments is | T | | U |

  9. Complexity Determining whether a schema is satisfiable is an NP-complete problem in general (Wang and Li, ESORICS 2007). . . ◮ Checking whether an execution assignment is valid can be performed in polynomial time ◮ The number of execution assignments is | T | | U | . . . although for most practical examples fast algorithms exist

  10. Complexity Determining whether a schema is satisfiable is an NP-complete problem in general (Wang and Li, ESORICS 2007). . . ◮ Checking whether an execution assignment is valid can be performed in polynomial time ◮ The number of execution assignments is | T | | U | . . . although for most practical examples fast algorithms exist Determining whether an instance is satisfiable is equivalent to determining whether a modified schema is satisfiable (Crampton, SACMAT 2005)

  12. Workflow Execution Models: WDEM WfMS-driven execution model (WDEM) ◮ A tasklist is generated when a workflow schema is instantiated ◮ WfMS assigns tasks to users on basis of authorization information and ensures no constraints are violated ◮ User is obliged to perform the task(s) to which she has been assigned ◮ Tasklists may be static or dynamic

  13. Workflow Execution Models: WDEM WfMS-driven execution model (WDEM) ◮ A tasklist is generated when a workflow schema is instantiated ◮ WfMS assigns tasks to users on basis of authorization information and ensures no constraints are violated ◮ User is obliged to perform the task(s) to which she has been assigned ◮ Tasklists may be static or dynamic We make two important observations ◮ A static tasklist is a valid execution assignment ◮ A dynamic tasklist is a satisfiable instance

  14. Workflow Execution Models: UDEM User-driven execution model (UDEM) ◮ The WfMS simply manages the execution of a workflow instance ◮ Users initiate (access) requests to perform pending tasks

  15. Workflow Execution Models: UDEM User-driven execution model (UDEM) ◮ The WfMS simply manages the execution of a workflow instance ◮ Users initiate (access) requests to perform pending tasks The workflow access control mechanism decides whether the request should be granted ◮ Clearly user must be authorized ◮ The instance must remain satisfiable if the request is granted

  17. Introduction Informally, delegation is an act of temporarily authorizing a user (for a permission, to perform a task, etc. . . ) ◮ The delegator may grant authorization to the delegatee ◮ The delegator may transfer authorization to the delegatee

  18. Introduction Informally, delegation is an act of temporarily authorizing a user (for a permission, to perform a task, etc. . . ) ◮ The delegator may grant authorization to the delegatee ◮ The delegator may transfer authorization to the delegatee Task delegation can occur in two basic forms in WfMSs ◮ Concrete task delegation authorizes the delegatee to perform the delegated task only in the specified workflow instance ◮ Abstract task delegation authorizes the delegatee to perform the delegated task in any workflow instance

  19. Delegation in Workflows The semantics of a delegation operation depends on three factors ◮ the workflow execution model (WDEM or UDEM) ◮ the type (abstract or concrete) of the delegated task ◮ the type (grant or transfer) of the delegation operation

  20. Delegation in Workflows The semantics of a delegation operation depends on three factors ◮ the workflow execution model (WDEM or UDEM) ◮ the type (abstract or concrete) of the delegated task ◮ the type (grant or transfer) of the delegation operation Note that ◮ grant of concrete tasks is meaningless in WDEM ◮ grant and transfer of concrete tasks is meaningless in UDEM A further question arises for transfer of abstract tasks in WDEM ◮ Are concrete task assignments transferred to the delegatee (cascading transfer) or not (non-cascading)?

  21. Summary of Delegation Operations Concrete Tasks Grant Transfer WDEM n/a Yes UDEM n/a n/a Abstract Tasks Transfer Grant Non-cascading Cascading WDEM Yes Yes Yes UDEM Yes Yes n/a

  23. Introduction Delegation modeled as access request ◮ Delegation policy will decide whether request is authorized ◮ Request may be granted or denied Granting request will change authorization state ◮ Granting request may result in unsatisfiable instance or schema ◮ Therefore must have additional satisfiability checks when deciding delegation requests

  24. Concrete Tasks Concrete Tasks Grant Transfer WDEM n/a Updates tasklist UDEM n/a n/a Must check whether revised tasklist is a ◮ valid execution assignment (static tasklists) ◮ satisfiable instance (dynamic tasklists)

  25. Abstract Tasks Transfer Grant Non-cascading Cascading WDEM Updates A Updates A Updates A and tasklists UDEM Updates A Updates A n/a Grant delegations are “monotonic” ◮ Any valid execution assignment remains valid ◮ Satisfiability not an issue for grant delegation requests

  26. Abstract Tasks Transfer Grant Non-cascading Cascading WDEM Updates A Updates A Updates A and tasklists UDEM Updates A Updates A n/a A transfer is permitted if ◮ the updated workflow authorization schema is satisfiable ◮ all updated tasklists are valid execution assignments and/or satisfiable instances

  27. Abstract Tasks Transfer Grant Non-cascading Cascading WDEM Updates A Updates A Updates A and tasklists UDEM Updates A Updates A n/a A transfer is permitted if ◮ the updated workflow authorization schema is satisfiable ◮ all updated tasklists are valid execution assignments and/or satisfiable instances Necessary but not sufficient. . .

  28. Example: WDEM, Dynamic, Non-cascading Transfer ◮ Set of tasks T = { t 1 , t 2 , t 3 } ◮ Set of users { a , b , c } ◮ t 1 and t 2 must be performed by different users ◮ t 2 and t 3 must be performed by different users Before transfer After transfer Is satisfiable? A(t 1 ) = { a , b } Schema A(t 2 ) = { a , c } A(t 3 ) = { b , c } Tasklist [( t 1 , a ) , ( t 2 , c )]

  29. Example: WDEM, Dynamic, Non-cascading Transfer ◮ Set of tasks T = { t 1 , t 2 , t 3 } ◮ Set of users { a , b , c } ◮ t 1 and t 2 must be performed by different users ◮ t 2 and t 3 must be performed by different users Before transfer After transfer Is satisfiable? A(t 1 ) = { a , b } Schema Yes A(t 2 ) = { a , c } A(t 3 ) = { b , c } Tasklist [( t 1 , a ) , ( t 2 , c )] Yes

  30. Example: WDEM, Dynamic, Non-cascading Transfer ◮ Set of tasks T = { t 1 , t 2 , t 3 } ◮ Set of users { a , b , c } ◮ t 1 and t 2 must be performed by different users ◮ t 2 and t 3 must be performed by different users b performs non-cascading transfer of t 3 to a Before transfer After transfer Is satisfiable? A(t 1 ) = { a , b } A(t 1 ) = { a , b } Schema Yes A(t 2 ) = { a , c } A(t 2 ) = { a , c } A(t 3 ) = { b , c } A(t 3 ) = { a , c } Tasklist [( t 1 , a ) , ( t 2 , c )] [( t 1 , a ) , ( t 2 , c )] No

Recommend

On Delegation and Concluding remarks Workflow Execution Models Questions Jason Crampton

On Delegation and Concluding remarks Workflow Execution Models Questions Jason Crampton

Introduction WDEM UDEM On Delegation and Concluding remarks Workflow Execution Models Questions Jason Crampton Hemanth Khambhammettu Information Security Group Royal Holloway, University of London SAC 2008 One-Page Overview

575 views • 26 slides
Planning as Satisfiability Enrico Giunchiglia Laboratory of Systems and Technologies for

Planning as Satisfiability Enrico Giunchiglia Laboratory of Systems and Technologies for

Planning Classical Planning Satisfiability of Boolean formulas (SAT) and Planning QBFs satisfiability and Planning Planning as Satisfiability Enrico Giunchiglia Laboratory of Systems and Technologies for Automated Reasoning (STAR-Lab) DIBRIS

1.5k views • 137 slides
DELEGATION readysetpresent.com Delegation Program Objectives ( 1 of 3 ) Understand the

DELEGATION readysetpresent.com Delegation Program Objectives ( 1 of 3 ) Understand the

DELEGATION readysetpresent.com Delegation Program Objectives ( 1 of 3 ) Understand the benefits of delegation. Define delegation, and identify its benefits and uses. Explain the basic methods involved in successful delegation. Explore the

1.79k views • 149 slides
Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation

Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation

Introduction Delegation operations in hierarchical RBAC Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation Jason Crampton Hemanth Khambhammettu semantics Conclusion Information Security

959 views • 57 slides
3. Satisfiability Checking 3.1 SAT-Checking Procedures Verification Technology

3. Satisfiability Checking 3.1 SAT-Checking Procedures Verification Technology

Fachgebiet RechnerSysteme Technische Universitt Verification Technology Darmstadt 3. Satisfiability Checking Computer Systems Lab 1 3. Satisfiability Checking 3 3. Satisfiability Checking 3.1 SAT-Checking Procedures Verification

278 views • 11 slides
Get Out of Overwhelm: Using Delegation, Systems, and Automation to Get More Done in Less Time

Get Out of Overwhelm: Using Delegation, Systems, and Automation to Get More Done in Less Time

1/24/2019 Get Out of Overwhelm: Using Delegation, Systems, and Automation to Get More Done in Less Time Kris Murray President & Founder 1 Thanks Fran for bringing me back! Thanks SmartCare for sponsoring my session!

478 views • 17 slides
workflow: workflow: QSPR = Quantitative Structure Property

workflow: workflow: QSPR = Quantitative Structure Property

workflow: workflow: QSPR = Quantitative Structure Property Relationship workflow: workflow: 1600 1500 1400 1300 1200 1100 1000 900 mass (Da) 800 700 600 500 400 300 200 100 0 -5 -4 -3 -2 -1

793 views • 33 slides
Possibilistic Information Flow Control for Workflow Management Systems Thomas Bauereiss Dieter

Possibilistic Information Flow Control for Workflow Management Systems Thomas Bauereiss Dieter

Possibilistic Information Flow Control for Workflow Management Systems Thomas Bauereiss Dieter Hutter DFKI Bremen Workflow management systems Coordinating manual and (semi-)automatic activities involving multiple users Security

364 views • 17 slides
The Satisfiability Problem [HMU06,Chp.10b] Satisfiability (SAT) Problem Cooks

The Satisfiability Problem [HMU06,Chp.10b] Satisfiability (SAT) Problem Cooks

The Satisfiability Problem [HMU06,Chp.10b] Satisfiability (SAT) Problem Cooks Theorem: An NP-Complete Problem Restricted SAT: CSAT, k-SAT, 3SAT 1 Satisfiability (SAT) Problem 2 Boolean Expressions Boolean, or

727 views • 57 slides
An Algebraic Approach to the Analysis of Constrained Workflow Systems Workshop on Foundations of

An Algebraic Approach to the Analysis of Constrained Workflow Systems Workshop on Foundations of

An Algebraic Approach to the Analysis of Constrained Workflow Systems Workshop on Foundations of Computer Security, 12 July 2004 Jason Crampton Information Security Group, Royal Holloway, University of London What is a workflow system? A

638 views • 25 slides
Welcome To Your Resource Center Eliminate 90% of your Work Automation Delegation Systems

Welcome To Your Resource Center Eliminate 90% of your Work Automation Delegation Systems

Welcome To Your Resource Center Eliminate 90% of your Work Automation Delegation Systems Good News Its all in place for you. Simply plug and play. 3 Key Ingredients Gold Club Virtual Assistants DREAMS Introducing

784 views • 66 slides
Satisfiability Warsaw lectures V.W. Marek Department of Computer Science University of Kentucky

Satisfiability Warsaw lectures V.W. Marek Department of Computer Science University of Kentucky

Satisfiability Satisfiability Warsaw lectures V.W. Marek Department of Computer Science University of Kentucky October 2013 1 / 1 Satisfiability What it is about? Satisfiability is a popular logic-based formalism to represent

1.52k views • 135 slides
Day 8 Workflow Cloud Resource Provisioning Todays Agenda Introduction What is workflow?

Day 8 Workflow Cloud Resource Provisioning Todays Agenda Introduction What is workflow?

2/7/2018 Day 8 Workflow Cloud Resource Provisioning Todays Agenda Introduction What is workflow? What are major QoS requirements? How is workflow represented? Our work in workflow scheduling Research problems

470 views • 13 slides
A Workflow Workflow for for Retrieving Retrieving Orthologous Orthologous A Promoters and I

A Workflow Workflow for for Retrieving Retrieving Orthologous Orthologous A Promoters and I

A Workflow Workflow for for Retrieving Retrieving Orthologous Orthologous A Promoters and I mplications I mplications for for Workflow Workflow Promoters and Management Systems. Management Systems. A Case Case Study Study. . A Part

330 views • 17 slides
Non-cyclic sorts for first-order satisfiability (or how to win first-order satisfiability at CASC)

Non-cyclic sorts for first-order satisfiability (or how to win first-order satisfiability at CASC)

Non-cyclic sorts for first-order satisfiability (or how to win first-order satisfiability at CASC) Konstantin Korovin 1 The University of Manchester korovin@cs.man.ac.uk FroCoS 2013 1 supported by a Royal Society University Fellowship

648 views • 54 slides
LISA 09 Federated access control and workflow enforcement in systems configuration Bart

LISA 09 Federated access control and workflow enforcement in systems configuration Bart

LISA 09 Federated access control and workflow enforcement in systems configuration Bart Vanbrabant, Thomas Delaet and Wouter Joosen DistriNet, Dept. of Computer Science, K.U.Leuven, Belgium November 6, 2009 1 / 40 Outline Systems

852 views • 40 slides
Kap. 12 Workflow Management in ERP-Systemen 12.1 Workflow Management: Konzepte 12.2 Einbindung

Kap. 12 Workflow Management in ERP-Systemen 12.1 Workflow Management: Konzepte 12.2 Einbindung

Kap. 12 Workflow Management in ERP-Systemen 12.1 Workflow Management: Konzepte 12.2 Einbindung von Workflow Management- Funktionalitt in ERP-Systeme 12.3 SAP Business Workflows Objektverwaltung hherer Ordnung (OHO) SS 2001 Kapitel 12:

746 views • 27 slides
Monitoring and Workflow management Monitoring and Workflow management in large distributed

Monitoring and Workflow management Monitoring and Workflow management in large distributed

Monitoring and Workflow management Monitoring and Workflow management in large distributed systems in large distributed systems March 2011 1 The MonALISA Framework The MonALISA Framework MonALISA is a Dynamic, Distributed Service System

678 views • 32 slides
Tree-shaped one-pass tableau systems for Linear Temporal Logic satisfiability checking Nicola

Tree-shaped one-pass tableau systems for Linear Temporal Logic satisfiability checking Nicola

Tree-shaped one-pass tableau systems for Linear Temporal Logic satisfiability checking Nicola Gigante University of Udine, Italy Joint work with Angelo Montanari, Mark Reynolds, Luca Geatti The need for formal verification Safety-critical

489 views • 47 slides
Maximum Satisfiability Ruben Martins http://www.cs.cmu.edu/~mheule/15816-f19/ Automated

Maximum Satisfiability Ruben Martins http://www.cs.cmu.edu/~mheule/15816-f19/ Automated

Maximum Satisfiability Ruben Martins http://www.cs.cmu.edu/~mheule/15816-f19/ Automated Reasoning and Satisfiability, October 1, 2019 1/41 What is Boolean Satisfiability? Fundamental problem in Computer Science The first problem to be

1.46k views • 123 slides
Peoplesoft Workflow Peoplesoft Workflow Technology Technology Putting Customer First SOA IT

Peoplesoft Workflow Peoplesoft Workflow Technology Technology Putting Customer First SOA IT

Peoplesoft Workflow Peoplesoft Workflow Technology Technology Putting Customer First SOA IT Putting Customer First Highlights Introduction Workflow Understanding Workflow Components of Workflow Steps for Developing

843 views • 56 slides
STAR-CCM+ in your Workflow Bill Jester, CD-adapco STAR-CCM+ in your workflow Contents

STAR-CCM+ in your Workflow Bill Jester, CD-adapco STAR-CCM+ in your workflow Contents

STAR-CCM+ in your Workflow Bill Jester, CD-adapco STAR-CCM+ in your workflow Contents Introduction CAE workflow questions: CAE workflow questions: Where are you starting? How is your model organized? y g What results do

494 views • 30 slides
On Clause Learning Algorithms for Satisfiability Sam Buss SDF@60 Kurt G odel Research Center

On Clause Learning Algorithms for Satisfiability Sam Buss SDF@60 Kurt G odel Research Center

Clause Learning On Clause Learning Algorithms for Satisfiability Sam Buss SDF@60 Kurt G odel Research Center Vienna July 13, 2013 Clause Learning Satisfiability Satisfiability ( Sat ) An instance of Satisfiability ( Sat ) is a set of

483 views • 23 slides
Model-Constructing Satisfiability Calculus Dejan Jovanovi c Clark Barrett Leonardo de Moura

Model-Constructing Satisfiability Calculus Dejan Jovanovi c Clark Barrett Leonardo de Moura

Model-Constructing Satisfiability Calculus Dejan Jovanovi c Clark Barrett Leonardo de Moura SRI International NYU Microsoft Research Satisfiability Modulo Theories and DPLL(T) Problem Check a given formula for satisfiability modulo the

889 views • 65 slides

More recommend