Decentralized Workflow Control and Conflict of Interest


1 Decentralized Workflow Control and Conflict of Interest
Vijay Atluri, Soon Ae Chun, Pietro Mazzoleni

2 Our Contributions
Contribution Part I: Decentralized WF Control
- Decentralized WF Control Model
- Join Relations
- SELF describing Workflow, WFMS Stub
- WF partition, dependency splitting, dependency evaluation
Contribution Part II: Conflict of Interest problem in Decentralized control
- COI model for decentralized WF
- Restrictive partition
- Secure WFMS stub

3 Centralized Workflow Management
[Figure: purchase workflow under a central WFMS. Tasks: Enter Input spec, buy computer, buy printer, external CD writer, Notify. Agents: IT Agent, DELL, GATEWAY, HP, XEROX, PANASONIC. Dependencies: bs; bf or p>$400; bs and Date<3/21/01; bs and p<=$400.]
- Performance bottleneck
- Do not scale well
- Not suitable if systems are inherently autonomous and distributed

4 Decentralized Workflow Management
[Figure: workflow with numbered tasks 1-7 under decentralized control; lists of task numbers are shown next to the agents IT agent, GATEWAY, XEROX, DELL, HP, PANASONIC. Task labels: Enter Input Date/destination, Reserve airline, Rent a car, Reserve a hotel, Notify. Dependencies: bs; bf or p>$400; bs and Date<3/21/01; bs and p<=$400.]

5 Our Contribution Part 1:
- WF Model
- Join Relations
- Decentralized WF Control Model
- SELF describing Workflow, WF partition
- dependency splitting, dependency evaluation
- WFMS Stub

6 Workflow Model
Workflow can be defined as a pair (G, J), where G=(T,D) is a directed graph with T as a node set for tasks t1, t2, ..tn in the workflow and D as an edge set with dependencies, ti tj, and J is a set of join relations among dependencies, j1,j2..jp
[Figure: task state-transition diagram with labels in, ex, cm, ab, su, fl and transitions b, a, c, e]
Task structure:
- a set of visible execution states {initial, executing, done, aborted, success, failed}
- a set of task primitives {begin, abort, finish, commit, evaluate}
Inter-task dependencies:
- Control-flow (state) dependencies
- Value dependencies
- External dependencies
<head, d, tail, pr> e.g. <ti, c, tj, begin>
Join Relations:
<head, d, head, pr> e.g. <ti, de, ti, begin>
Examples:
- Begin on commit dependency (ti c tj)
- abort dependency (ti a tj)
- ti can begin only if tj's output is x
- ti can begin only at 9:00am or after 24hrs after the completion of tj

7 Join Relations
[Figure: AND/OR split and AND join. Split example: reserve flight, then (bs, flight<$200 / flight>=$200) reserve hotel (Reserve Hilton, Country Hill) and rent a car. AND join example: Reserve Hotel and Reserve Flight join into Book the trip. Join over Hotel Hilton and Country Hill into Book the hotel.]
Join conditions shown in the figure:
(Hilton.double>= 3 OR Country.double>=3) AND (Hilton.single>= 4 OR Country.single>=4)
AND (Hilton.price + Country.price < $400)

8 Dependency/Preconditions
Dependency expressions in d in ti tj are Pre(tj)
Pre_begin(tj): < t1, commit ^ price >$200, tj, begin>
Pre_commit(tj): < t1, success ^ price >$200, tj, commit>
Pre_abort(tj): < t1, abort, tj, abort>
[Figure: buy CPU and buy HDisk connected by dependency d = bc ^ price>$200]
Pre_begin(tj) = (ti.state = commit ^ t1.price>$200)
[Figure: t1 and t2 (bs) joining into t3 with (t1.price + t2.price >$200)]
Pre_begin(t3) = (ti.state = s ^ t2.state=s ^ t1.price+t2.price>$200)

9 Our Approach to Decentralized Workflow Management
Self-describing Workflow
Workflow Stub
[Figure: the WFMS server (A0) and the self describing workflow over tasks t1-t4 (dependencies bs, bf); WFMS stubs at A1 (t1), A2 (t2), A3 (t3) and A4 (t4) pass the remaining workflow on, with entries such as (t1, A1, Input (t1), ...), (t2, A2, Input (t2), ...), (t3, A3, Input (t3), ...), (t4, A4, Input (t4), ...)]

10 Decentralized Workflow Control Model
Self Describing Workflow: Workflow Partition with instance information
<ti, PRE(ti), OutState(ti), Pi>
- ti = task, agent A(ti), activities, input, output
- PRE(ti) = preconditions for ti's transition operation
- OutState = control, value, external dependency state for ti from previous task tj (tj ti)
- Pi = workflow partition where ti is the initial task

11 WFMS Stub
- Receives the self-describing workflow, extracts task
- Partition remaining workflow
- Evaluate precondition
- Execute task
- Split dependency into immediate and deferred preconditions
- Evaluate immediate precondition
- Adjust OUTSTATE (with signals)
- Construct self-describing workflow for each partition
- Forwards each self-describing wf to the subsequent task agents

12 WFMS Stub: Case 1
tj can start in parallel with ti (ti tj)
[Figure: audio card and speakers tasks with c dependencies]
1. A(ti) does not evaluate dependency(tj)
2. Partition Pj and forward SELF(Pj) to A(tj)
3. Execute ti
4. Evaluate dependency
5. Send OutState(ti) with signals to A(tj)

13 Workflow Partition for A(ti)
Given Pi, for each tj which has outgoing edge from ti:
Pj = a connected path from j
[Figure: P1 over tasks 1-5; P2: 2; P3: 3 4 5]
SELF(P2) = <t2, A(t2), Pre(t2), OutState(t1)>

14 WFMS Stub: Case 2
ti has to evaluate PRE(tj) (dependency) before sending SELF(Pj)
[Figure: audio card and speakers tasks with bs dependencies; partition Pj]
1. If Pre_begin(ti)=true, execute ti
2. Partition Pj
3. Precondition Splitting = PRE(tj)
4. Evaluate immediate dependency
5. If PRE_begin(tj)=true, forward SELF(Pj) to A(tj); else do not forward SELF(Pj)

15 Dependency/Precondition Splitting
Immediate v. Deferred Preconditions
[Figure: t1 and t2 (bs) joining into t3 with (t1.price + t2.price >$200)]
Pre_begin(t3) = (ti.state = s ^ t2.state=s ^ t1.price+t2.price>$200)
(Hilton.double>= 3 OR Country.double>=3) AND (Hilton.single>= 4 OR Country.single>=4)
(CPU.price + HD.price < $400)
[Figure: expression tree, AND over two ORs, with leaves t1.double>= 3, t2.double>= 3 and t1.single>= 4, t2.single>= 4]

16 Dependency/Precondition Splitting
1. Immediate Evaluation only: Pre(tj) = (ti.state=s)
2. Deferred Evaluation only: PRE(t3) = t1.price+t2.price>$200
3. Split: partial evaluation at ti, rest in tj
   PRE(t3) = (ti.state = s ^ t2.state=s ^ t1.price+t2.price>$200)
   PRE(t3) = (Hilton.double>= 3 OR Country.double>=3) AND (Hilton.single>= 4 OR Country.single>=4)
Why splitting and immediate evaluation?
1. WF control semantics mandates it. (Control flow)
2. Evaluate only if needed (one OR operand can be skipped)
3. Reduce amount of information (evaluated truth value v. expressions) among task agencies
4. Reveal only need-to-know information

17 Dependency/Precondition Splitting
[Figure: expression tree, AND over two ORs, with leaves t1.double>= 3, t2.double>= 3, t1.single>= 4, t2.single>= 4; leaves marked R or X]
Immediate Precondition (t1): (t1.double >= 3 OR X) AND (t1.single>=4 OR X)
Deferred Precondition (t1): (t1.signal1 OR t2.double>=3) AND (t1.signal2 OR t2.single>=4)
Immediate Precondition (t2): (X OR t2.double) AND (X OR t2.single>=4)
Deferred Precondition (t2): (t1.double OR t2.signal1) AND (t1.single>=4 OR t2.signal2)

18 Dependency/Precondition Evaluation
Immediate evaluation at t1
[Figure: expression tree, AND over two ORs, with leaves t1.double>= 3, X, t1.single>= 4, X]
OutState(t1) = {t1.signal1=F, t1.signal2=F} U OutState(t1)
Deferred Evaluation at t3
(t1.signal1 OR t2.double>=3) AND (t1.signal2 OR t2.single>=4)
Wait for results from t2, and evaluate the whole deferred expression
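Precondition splitting as described on slides 16-18, as an added example that is not code from the presentation: each agent evaluates only its own leaves of PRE(t3) and forwards what remains. It assumes a tuple encoding of the expression tree and folds the named signals (t1.signal1, t1.signal2) directly into the deferred expression as truth values; the function names and sample outputs are constructed.

```python
import operator

OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt}

# PRE(t3) from the slides: leaves are (task, attribute, operator, constant).
PRE_T3 = ("AND",
          ("OR", ("t1", "double", ">=", 3), ("t2", "double", ">=", 3)),
          ("OR", ("t1", "single", ">=", 4), ("t2", "single", ">=", 4)))

def immediate_eval(expr, task, output):
    """Evaluate the leaves owned by `task` and return what is left to defer.

    Returns True/False when the expression is decided, otherwise the
    deferred expression containing only other tasks' leaves.
    """
    if isinstance(expr, bool):
        return expr
    if expr[0] in ("AND", "OR"):
        absorbing = expr[0] == "OR"          # True decides an OR, False an AND
        kids = [immediate_eval(k, task, output) for k in expr[1:]]
        if any(k is absorbing for k in kids):
            return absorbing
        kids = [k for k in kids if not isinstance(k, bool)]   # drop neutral signals
        if not kids:
            return not absorbing
        return kids[0] if len(kids) == 1 else (expr[0], *kids)
    owner, attr, op, const = expr
    if owner != task:
        return expr                          # deferred: not ours to evaluate
    return OPS[op](output[attr], const)      # only the truth value leaves the agent

def run_example():
    # Constructed outputs: t1 offers 2 doubles and 5 singles, t2 offers 3 and 1.
    deferred = immediate_eval(PRE_T3, "t1", {"double": 2, "single": 5})
    final = immediate_eval(deferred, "t2", {"double": 3, "single": 1})
    return deferred, final

if __name__ == "__main__":
    print(run_example())
```

In the constructed run, t1's second OR is already true, so the deferred expression shrinks to the single leaf t2.double>=3: t2.single is never needed and t1's room counts never leave t1.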

19 WFMS Stub: Case 3
ti has to wait for a PRE_commit(ti) to complete execution
[Figure: audio card and speakers tasks with a c dependency; partition Pj]
1. Partition Pj
2. Precondition Splitting = PRE(tj)
3. Execute ti until done
4. Wait until Deferred_PRE = true
5. If no error, commit(ti)
6. Evaluate immediate dependency
7. Forward SELF(Pj) to A(tj)

20 Our approach to Decentralized Control (So far and future)
- WF Model
- Join Relations
- Decentralized WF Control Model
- SELF describing Workflow, WF partition
- dependency splitting (immediate v. deferred)
- dependency evaluation (signal OutStates)
- WFMS Stub
Need to address:
- Dynamic changes/dynamic customizations
- handle failure, recovery, compensation

21 Our Contribution Part 2:
Conflict of Interest problem in Decentralized control
- COI model for decentralized WF
- Restrictive partition
- Secure WFMS stub

22 Conflict of Interest Problem
- Execution agents are in conflict of interest
- One agent can manipulate control or value dependencies in the workflow for its advantage
  e.g. price is lowered to $400 at DELL ==> disadvantage against GATEWAY and consumer
- Simple partition algorithm wouldn't do
[Figure: purchase workflow. Tasks: Enter Input spec, buy computer, buy printer, external CD writer, Notify. Agents: IT Agent, GATEWAY, DELL, HP, XEROX, PANASONIC. Dependencies: bs; bf or p>$400; bs and Date<3/21/01; bs and p<=$400.]

23 No Conflict of Interest problem in Centralized Control
[Figure: purchase workflow under a central WFMS. Tasks: Enter Input spec, buy computer, buy printer, external CD writer, Notify. Agents: IT Agent, DELL, GATEWAY, HP, XEROX, PANASONIC. Dependencies: bs; bf or p>$400; bs and Date<3/21/01; bs and p<=$400.]
- No Conflict of Interest problem arises in centralized management
- The control/value dependencies or destination of its output is unknown to a particular A(ti)

24 Chinese Wall Policy
Objective: prevent information flows that cause conflict of interest for individual consultants
Brewer and Nash Model
Read Rule
- Discretionary access
- Mandatory access denial
[Figure: a consultant with read (r) accesses to objects labelled Bank A, Bank B, Insurance and Oil B; one access is marked X]

25 Chinese wall policy
Read Rule: S can read O only if
- O is within the wall, or
- O is outside the wall
Write Rule: S can write O only if
- S can read O by BN Read rule
- no object can be read which is in the different company set to the one for which write access is requested
[Figure: Consultant A and Consultant B with read (r) and write (w) accesses to Bank A, Oil A and Oil B; one access is marked X]

26 Conflict of Interest Task Agents
COI group 1: Continental, Delta
COI group 2: Holiday Inn, Marriott
COI group n: Avis, Hertz

27 Chinese Wall Security Model for Decentralized Workflow
Object: sensitive v. non-sensitive object
- sensitive: dependency, OutState that changes execution flow (e.g. sensitive(d1) = price)
- non-sensitive: output(ti)
Subject: task execution agent, S
- COI(S) = conflict of interest class S belongs to
- COI(DELL) = GATEWAY, COMPAQ, ...
- O ∈ S ==> O ∈ COI(S)
[Figure: purchase workflow. Tasks: Enter Input spec, buy computer, buy printer, external CD writer, Notify. Agents: IT Agent, GATEWAY, DELL, HP, XEROX, PANASONIC. Dependencies: bs; bf or p>$400; bs and Date<3/21/01; bs and p<=$400.]

28 Chinese Wall Security Model for Decentralized Workflow
Read/Evaluate Rule: S can read dependency O if O ∈ S or O ∉ COI(S)
- Subject can read and evaluate dependency object of its own company, or any dependency that does not belong to the same COI class as S's company
- e.g. (bf OR p>$400) belongs to both DELL and GATEWAY. Both can't read this object, hence can't evaluate it
Write/Partition Rule: S can write if S can read
- Subject is not allowed to construct SELF with sensitive objects that belong to the same COI class
- e.g. DELL can't construct SELF WF for GATEWAY.

29 Our Approach: Restrictive Partition
Partition Pj does not contain any sensitive object O ∈ COI(A(tj))
[Figure: workflow tasks 2-7 with partitions for task agents TA2, TA 3 and TA 4; two task agents are marked SAME COI]
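The Read/Evaluate rule, the Write/Partition rule and the restrictive partition of slides 27-29, as an added example that is not code from the presentation. It assumes one reading of the slides: a sensitive object that belongs to any competitor in S's COI class is unreadable by S, which reproduces the slide's case of (bf OR p>$400) being closed to both DELL and GATEWAY. The Dep type, the function names and the ownership of D2 and OUT are constructed.

```python
from dataclasses import dataclass

# COI class from the slides; any agent not listed is in no conflict.
COI_CLASSES = [{"DELL", "GATEWAY", "COMPAQ"}]

@dataclass(frozen=True)
class Dep:
    expr: str
    owners: frozenset    # companies the dependency object belongs to
    sensitive: bool      # True if it can change the execution flow

def competitors(agent):
    """Other members of every COI class that contains `agent`."""
    return set().union(*(c for c in COI_CLASSES if agent in c)) - {agent}

def can_read(agent, dep):
    """Read/Evaluate rule: a sensitive object owned by a competitor is off limits."""
    return not (dep.sensitive and dep.owners & competitors(agent))

def can_construct_self(sender, deps):
    """Write/Partition rule: S can write only what S can read."""
    return all(can_read(sender, d) for d in deps)

def restrictive_partition(deps, recipient):
    """Return (forwarded, withheld) so that Pj holds nothing recipient may not read."""
    forwarded = [d for d in deps if can_read(recipient, d)]
    withheld = [d for d in deps if not can_read(recipient, d)]
    return forwarded, withheld

# Constructed dependency objects modelled on the purchase workflow.
D1 = Dep("bf OR p>$400", frozenset({"DELL", "GATEWAY"}), True)
D2 = Dep("bs AND p<=$400", frozenset({"HP"}), True)
OUT = Dep("output(Enter Input spec)", frozenset({"IT Agent"}), False)

if __name__ == "__main__":
    for agent in ("DELL", "GATEWAY", "HP", "IT Agent"):
        print(agent, [d.expr for d in restrictive_partition([D1, D2, OUT], agent)[0]])
```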

30 Critical Partition: non-adjacent tasks
[Figure: workflow tasks 2-7 with labels SAME COI, Critical Partition, TA 3, TA 4, TA6 and signal; the dependency "bf or price > $400" appears twice]

31 Critical Partition - adjacent tasks
[Figure: workflow tasks 2-7 with labels SAME COI, Critical Partition, TA 3 and TA 4; dependency "bf or price > $400"]

32 Secure WFMS Stub at A(ti)
Given SELF(ti):
- extract ti
- Pj = Restrictive Partition of Pi
- Restrictive dependency splitting
- Construct SELF(Pj)
CASE 1: tj can be parallel with ti
- forward SELF(Pj)
- Evaluate DEFERRED_PRE(begin), execute ti
- Evaluate IMMEDIATE_PRE(ti), send DEFERRED_PRE(commit)
CASE 2:
- Evaluate DEFERRED_PRE(begin), execute ti
- send SELF(Pj)
CASE 3: (ti was in parallel with previous task)
- execute ti until done
- wait until signal is received
- if (DEFERRED-PRE(commit)=true) then finish up ti

33 Working on AND join -- sensitive dependency splitting
[Figure: workflow graph with tasks 1-7]

34 Related Work
Cryptography: Onion Ring (mobile code security, distributed computing)
- A message for each execution agent is encrypted with the agent's key
- Assumes a static execution path => can't work for workflow, which takes dynamic execution state and results into account
- Encrypted control information and destination: wouldn't be able to evaluate control info or destination
[Figure: messages m1, m2, m3 for the hosts, encrypted with Key(A), Key(B), Key(C)]

35 Related work: Static distribution of control flow
EXOTICA/Flowmark (Mohan & Alonso 1995):
- decomposition of workflow is done centrally
- distributed partitions in designated hosts statically
- For different workflow or different partitioning of workflow, need to configure the hosts differently
- Do not address COI problem
[Figure: hosts h1, h2, h3]

36 Related Work
METEOR2 (ORBWork, WEBWork): (Sheth et al: 1997)
- Workflow code generator reads workflow specification and creates task manager routines which contain the scheduling logic
- Each task manager is aware of its immediate successors and capable of activating the follow-up task managers once the task it controls terminates
- Task Manager code can be cracked for control and value dependency
- Do not address COI problem
[Figure: Designer, automatic code generation, and task managers (TM) each attached to a task]

37 Architecture
[Figure: Workflow Interface and Customized Workflow generator (Composition, Generation); Agency 1 to Agency N, each with a Task Execution Agent, WFMS Stub, Form & Service, Interoperability and Local DB]

38 Architecture
[Figure: Workflow Interface and Customized Workflow generator; Agency 1 to Agency N, each with a Task Execution Agent, WFMS Stub, Form & Service, Interoperability and Local DB]

39 References
Brewer & Nash, 1989
Sandhu, 1992
Alonso, Mohan et al., 1995
Sheth et al., ORBWork, 1997
A. Myers: JFlow: Practical mostly-static information flow control, 1999

