- مبلغ: ۸۶,۰۰۰ تومان
- مبلغ: ۹۱,۰۰۰ تومان
Mobile workflow execution is gaining importance as traditional process execution systems are employed in many new scenarios such as mobile networks or the Internet of Things. Unfortunately, in these solutions, security is still based on control loops or computer science techniques which have not evolved as fast as current mobile systems and applications. In this context, in order to improve the security level of these systems, it is necessary to create a security framework tightly coupled with the mobile workflow execution platforms. To contribute filling this gap, we propose a framework to inject security controls in workflows, which supports mobile execution and allows a flexible decision making. This solution models security as control points where some relevant previously defined indicators are evaluated. Depending on the obtained values, the framework takes corrective, preventive or adaptive actions, considering also the execution system capabilities and the workflow being executed. In order to evaluate the effectiveness and performance of the proposed solution we include experimental validation.
This paper addressed the problem of modeling security controls in mobile and distributed workflow executions, and how to enhance mobile workflow execution in the security scope. We proposed a framework to inject security controls in workflows, by modeling security as control points present in executing mobile workflows. The results obtained in the injected security controls are employed to make decisions (corrective, preventive and adaptive actions) in a flexible way, depending on the execution system capabilities and the workflow context, in order to enhance the mobile execution.
As an extension of a previous paper , we evolved our previously defined workflow model considering control and security events, and defining the transaction between the execution system and the security framework, including some mechanisms to support the usage of remote resources in the context of the selected security actions.
The security framework was implemented in a prototype in the form of a mobile application for Android. To evaluate the prototype’s performance, we created three services for the application of security actions in real-time according to the preventive, corrective and adaptive scenarios.