Julian Jang

Compensation is not enough [fault-handling and compensation mechanism]

An important problem in designing infrastructure to support business-to-business integration (B2Bi) is how to cancel a long-running interaction (either because the user has changed their mind, or in response to an unrecoverable failure). We review the fault-handling and compensation mechanism that is now used in most workflow products and business process modeling standards. We then use an e-procurement case-study to extract a set of requirements for an effective cancellation mechanism, and we show that the standard approach using fault-handling, and compensation transactions is not adequate to meet these requirements.

A service-oriented workflow language for robust interacting applications

In a service-oriented world, a long-running business process can be implemented as a set of stateful services that represent the individual but coordinated steps that make up the overall business activity. These service-based business processes can then be combined to form loosely-coupled distributed applications where the participants interact by calling on each other’s services. A key concern is to ensure that these interacting service-based processes work correctly in all cases, including maintaining consistency of both their stored data and the status of the joint activities. We propose a new model and notation for expressing such business processes which helps the designer avoid many common sources of errors, including inconsistency. Unlike most existing orchestration or workflowa This work was completed while the author was working at CSIRO. languages used for expressing business processes, we do not separate the normal case from exceptional activity, nor do we treat exceptional activity as a form of failure that requires compensation. Our model has been demonstrated by developing prototype systems.

An Event-Driven Workflow Engine for Service-based Business Systems

This paper discusses a novel implementation of a workflow engine that supports service-based applications. The applications are defined according to the GAT model, which is an event-based programming model using conditional guards to determine when both normal and exception-handling activities are to be executed. We propose implementation techniques for key features of GAT. These include implementing control flow based on the evaluation of guards, the management and distribution of events, and enforcing atomicity across the evaluation of guards and the execution of the corresponding activities. We have built an engine following this approach which uses available technologies to support translating GAT models into executable applications

A Cloud Architecture of Virtual Trusted Platform Modules

We propose and implement a cloud architecture of virtual TPMs. In this architecture, TPM instances can be obtained from the TPM cloud on demand. Hence, the TPM functionality is available for applications that do not have TPM chips in their local platforms. Moreover, users can access their keys and data in the same TPM instance even if they move to other platforms. The TPM functionality in cloud is easy to access for applications developed in different languages since cloud computing delivers services in standard protocols. The functionality of the TPM cloud is demonstrated by using it to implement the Needham-Schroeder public-key protocol for web authentication.

Trusted Email protocol: Dealing with privacy concerns from malicious email intermediaries

It is well-known that intermediate mediums that route emails between senders and recipients can be a real threat to privacy as these intermediaries can easily intercept and tamper with email messages. Many software-based solutions have been proposed to solve such privacy concerns by means of end-to-end data encryption such as PGP, OpenPGP, and S/MIME. These solutions pose yet another challenging issue for the secure and trusted management of cryptographic keys they utilize. To address this issue, we propose a new protocol for a Trusted Email System using hardware-based cryptographic functionality of Trusted Platform Module (TPM) and the Ephemerizer concept. By leveraging the advantages of these two technologies, our protocol provides a safeguard to cryptographic keys so that only designated email senders and recipients can read email messages. Furthermore, our protocol guarantees that nobody can read email messages that have expired or have been securely deleted. In this paper, we first describe the protocol of our Trusted Email System and then verify the security aspects of the protocol using a popular cryptographic verification tool, ProVerif.

Establishing a trust relationship in cooperative information systems

One method for establishing a trust relationship between two servers in a co-operative information system is to use a mutual attestation protocol based on hardware that implements the Trusted Computing Groups TPM specification It has been our experience in developing an eHealth demonstration system that the efficiency of such a protocol was relatively low This inefficiency was a result of the high number of TPM function calls in response to the large number of protocol messages that must be sent by the end server systems to establish mutual trust between them prior to sending each application message (in our case, a medical record) In order to address this inefficiency, we developed a session-based mutual attestation protocol, where multiple application messages are sent over an interval of time where an established trust relationship holds Moreover, the protocol partially addresses the security flaw due to the time interval between the time-of-attestation and time-of-use This paper presents this new protocol, once again utilizing TPM microcontroller hardware, and compares its performance with that of our previous (per record) mutual attestation protocol.

Just what could possibly go wrong in B2B integration

One important trend in enterprise-scale IT has been the increasing use of business-business integration (B2Bi) technologies to automate business processes that cross organizational boundaries, such as the interactions between partner companies along a supply chain. It is relatively easy to describe a pattern of interaction, or choreography, in the case where everything proceeds smoothly. However, the abnormal cases, such as where a process fails or a message is lost, are much more complicated, and risk introducing data and process inconsistencies into computer-based systems. Current B2Bi technologies do not supply an infrastructure that can provide reliability without considerable sophistication from the architects and developers. As a first step towards guiding architects to the design of B2Bi systems that maintain consistency despite failures, this paper describes a variety of types of failure that can arise in practice, based on a realistic e-procurement scenario. We describe these failures in terms of the different types of state that naturally occur within the distributed system. Understanding the types of failure that need to be handled, or prevented, is essential to an architect or developer who must design and write handlers for all the exceptions that can occur in their workflows.

A Trust Enhanced Email Application Using Trusted Computing

Today’s crimeware is becoming so sophisticated and well advanced that it can increasingly attack an end-user’s platform directly to steal critical data to use in criminal activities. This has created a requirement for a more specialized secure email system that supports more than just software-based data encryption for enterprises dealing with highly sensitive data. We present a proof-of-concept email application that utilizes hardware-based keys from Trusted Computing which are more resistant to direct platform exploitation. Through the demonstrator, we show that it is possible today to build a special-purpose trust- enhanced email application which also offers portability and mobility.

A policy based approach to managing shared data in dynamic collaborations

This paper presents a policy-based framework for managing shared data among distributed participants in a dynamic collaboration. First, we identify three different types of entities, namely resources, participants and their relations, and the set of policies applicable to them. We then propose an integrated framework to provide a solution for managing shared data in dynamic collaborations. We discuss the implementation of the framework in the context of our storage service provisioning architecture and present the cost of such framework in comparison to the storage cost.

Towards a Transactional Framework Derived from Real Workflows

One fundamental issue that has yet to he adequately addressed in loosely coupled distributed systems is long duration transactions — maintaining integrity of the system in the presence of both failures and concurrent activities for processes that last from seconds to years. This issue is of particular importance to both business-to-business integration (B2Bi) and enterprise application integration (EAI) applications such as e-procurement.