A Design-Time Semi-Automatic Approach for Obfuscating a Business Process Model in a Trusted Multi-Cloud Deployment: A Design-Time Approach for BP Obfuscation

A Design-Time Semi-Automatic Approach for Obfuscating a Business Process Model in a Trusted Multi-Cloud Deployment: A Design-Time Approach for BP Obfuscation

Amina Ahmed Nacer (LIMED Laboratory, Faculty of Exact Sciences, University of Bejaia, Bejaia, Algeria & LORIA Laboratory, University of Lorraine, Nancy, France), Elio Goettelmann (LIST Luxembourg Institute of Technology and Loria, Luxembourg, Luxembourg), Samir Youcef (LORIA Laboratory, University of Lorraine, Nancy, France), Abdelkamel Tari (LIMED Laboratory, Faculty of Exact Sciences, University of Bejaia, Bejaia, Algeria) and Claude Godart (LORIA Laboratory, University of Lorraine Nancy, France)
Copyright: © 2018 |Pages: 21
DOI: 10.4018/IJWSR.2018100104
OnDemand PDF Download:
No Current Special Offers


To enjoy the benefits of cloud computing, organizations managing complex business processes want to outsource their processes. However, as such processes express their know-how and because of the nature of the cloud, they are still reluctant to do so. To prevent such a know-how exposure, this article proposes a design-time approach for obfuscating a BP model by splitting its model into a collaboration of BP fragments semantically equivalent to the initial BP. This breaking down renders the discovery by cloud providers of-the-deep content of a critical fragment, and more of the whole process, much harder when these fragments are deployed in a multi-cloud context. While existing contributions on the topic of BP obfuscation remain at the level of principles, the authors propose an algorithm supporting automatically such a BP model transformation. The approach is validated against an obfuscation metric introduced in the article. The obtained results show that the authors' algorithm generates BP fragment with a high obfuscation level, contributing to protect BP know-how when deployed in a multi-cloud context.
Article Preview


The huge development of technologies pushes companies to be innovative in order to remain competitive. One way for them is the use of cloud resources which avoids upfront infrastructure costs, and helps organizations to focus on their core business activities instead of their system infrastructure.

However, as business processes (BP) of companies express their know-how, and because the cloud introduces new security risks, they are still reluctant (Cloud Security Alliance, 2014; European Network and Information Security Agency, 2009) to use the cloud for deploying their BP.

Therefore, for enjoying cloud advantages, one way for companies to prevent security and especially know-how exposure risks, is to transform their process models at premises so that it is difficult for cloud providers to discover the deep content of a critical fragment, and more of the whole BP.

(Goettelmann, Mayer, & Godart, 2013) has proposed a methodology for transforming and obfuscating a BP (Business Process) model before its deployment in the cloud. But, this obfuscation process is yet at the level of recommendations, and the obfuscation work has to be done mainly by designers' hands. The objective of the work described in this paper is to go one step further by providing an approach for partly automating this obfuscation process, more precisely the BP model splitting recommended in the methodology.

The research questions addressed in this work are: how to efficiently split a BP model into a collaboration of BP fragments models, each fragment containing as less as possible know-how of the global process? On which language constructs to rely for automating this process? In addition, this work must remain compatible with existing workflow management systems and other dimensions of security and quality of services.

As a result, the contributions of this paper are:

  • An algorithm for automating the splitting of a BP into a collaboration of BP fragments. The main idea is to split critical tasks where “decisions” are taken and “synthesis” done into complementary BP fragments assigned to different clouds (section 4);

  • A BP obfuscation metric for evaluating the cloud configurations generated by our algorithms with other cloud configurations.

The rest of this paper is organized as follows. The next section establishes the motivation and the context of this work. Then the notion of a critical BP fragment (“decision” or “synthesis”), on which we pay a particular effort for obfuscation is characterized in section 3. Section 4 explains how obfuscation is put into practice in our architecture. Section 5 proposes an obfuscation metric and discusses our model validity. The state of the art is discussed in section 6 and finally, we conclude our paper and introduce some future work in the last section.


2. Motivation And Context

2.1. Motivating Example

Figure 1 depicts a loan process in a bank using BPMN (Object Management Group[OMG], 2011) which aims to accept or reject a loan request, depending on the customer history and other parameters (loan amount, etc.).

Figure 1.

The loan process


The loan is treated in different ways. In general, the risk of the loan is evaluated, but the loan request can be either directly accepted or rejected. At any point in the process the hierarchy can directly intervene. The final decision is taken depending on the loan request treatment and the hierarchy validation.

The bank is ready to use cloud resources. However, it needs to be in confidence with its cloud providers, and especially to be sure that its strategy for directly accepting or rejecting a loan will not be disclosed. In the same way, it does not want to disclose how the hierarchy intervenes in the process and how the final decision is taken. One way for reaching this objective is to anticipate problems before they occur and the bank is ready to make some preliminary work in this direction.

For mitigating risks, the bank can obfuscate its BP by transforming its BP model using a methodology introduced as in (Goettelmann et al., 2013) and especially by splitting its BP model into a BP fragments collaboration. Several splittings are possible (see for example Figure 2 and Figure 8). The bank or its cloud broker would greatly appreciate an automation of the splitting operation with in output a good BP collaboration which protects at best its know-how.

Complete Article List

Search this Journal:
Volume 19: 4 Issues (2022): 1 Released, 3 Forthcoming
Volume 18: 4 Issues (2021)
Volume 17: 4 Issues (2020)
Volume 16: 4 Issues (2019)
Volume 15: 4 Issues (2018)
Volume 14: 4 Issues (2017)
Volume 13: 4 Issues (2016)
Volume 12: 4 Issues (2015)
Volume 11: 4 Issues (2014)
Volume 10: 4 Issues (2013)
Volume 9: 4 Issues (2012)
Volume 8: 4 Issues (2011)
Volume 7: 4 Issues (2010)
Volume 6: 4 Issues (2009)
Volume 5: 4 Issues (2008)
Volume 4: 4 Issues (2007)
Volume 3: 4 Issues (2006)
Volume 2: 4 Issues (2005)
Volume 1: 4 Issues (2004)
View Complete Journal Contents Listing