Stochastic Workflow Authorizations with Queueing Constraints

Document Type


Date of Original Version



Cloud-based workflow architecture has been widely used in e-science, e-business, smart city, and others, to automate business processes and improve their flexibility and maintainability. Online workflow executes in a collaborative and distributed environment and is prone to fraud and information leakage. Workflow authorization models are implemented to ensure that tasks are performed by authorized subjects with compliance of security/privacy polices. However, existing workflow authorization models have some limitations. First, most of the existing research focuses on static workflows, where an order arriving at a workflow traverses tasks in a fixed sequence. In many real applications, however, task routing is not deterministic, having a probability distribution or pattern that may be estimated from historical data. Second, existing research ignores practical resource constraints, like user utilization, order waiting time, etc. To address the limitations, this article studies the workflow authorization model under the more realistic dynamic settings. We formulate a workflow as a queueing system, so business constraints can be analytically represented, under reasonable assumptions. We model the studied problems as pseudo-Boolean satisfiaiblity problems and investigate their theoretical properties. We also develop algorithms and carry out computational studies. The experimental results show the effectiveness and efficiency of our developed solutions. Our research results are useful for production and process design in many real-life settings such as health care, online banking and electronic payment systems.

Publication Title

IEEE Transactions on Dependable and Secure Computing