A resilient inter-organizational workflow assignment plan selection approach: Application to a digital health use case

Abstract

Workflow Management Systems are rapidly evolving and increasingly used in a variety of industries, allowing organizations to automate and enhance their business processes. Hence, they are open to collaboration throw inter-organizational workflows to achieve common objectives. Thus, organizations could thereby adapt to highly dynamic environments and abrupt sudden changes like during epidemics. One of the particular interests for security researchers is to ensure workflow resiliency, which means ensuring the completion of the workflow execution given a defined set of security constraints without violating the security policy. However, the rigid application of security constraints restricts some task-organization assignments, which leads to the workflow satisfiability problem. Moreover, a wise selection of collaborating organizations is very important for secure resilient inter-organizational workflow execution. Therefore, we aim in this paper to propose a resilient inter-organizational workflow assignment plan selection approach to select a valid task-organization plan that allows a resilient inter-organizational workflow complete execution. Our proposed approach, uses the task priority concept, Bayesian inference, and a hybrid multi-criteria decision-making approach based on the methods Analytical Hierarchical Process and Grey Technique for Order of Preference by Similarity to Ideal Solution. As a result, the proposed approach selects the best assignment plan for a resilient execution of the Inter-Organizational Workflow, in addition to delegates for each task-organization assignment if available.

Keywords

Inter-organizational workflow assignment plan authorization constraints workflow satisfiability problem workflow resiliency workflow management systems access control collaborative systems

Introduction

With today’s technological advancements, organizations are able to utilize their information systems to integrate and extend their business processes across borders, enabling them to reach new markets and provide their goods and services to new clients. Moreover, the emergence of Enterprise Information Systems (EISs) — solutions that integrate various business processes and functions within an organization into a unified system¹ —, and Business Process Management (BPM) which represents a systematic approach to managing and optimizing an organization’s processes to achieve business goals. It encompasses the entire lifecycle of a process, from design and modeling to execution, monitoring, and continuous improvement.² Inter-organizational collaboration is made possible allowing enterprises to share their expertise and resources in order to achieve common goals. As a result, organizations and businesses across a range of industries are increasingly willing to work together and open to collaboration. Thus, organizations are looking for new reliable business partners globally. In order to achieve this collaboration, organizations have to connect their information systems and incorporate their business processes into an inter-organizational workflow (IOW). Further, the inter-organizational workflow has to meet collaboration specifications, management flexibility, and security requirements to ensure inter-organizational workflow resiliency. Accordingly, organizations use BPM tools for explicit representation and description of the coordination in their business processes.²

Workflow Management Systems (WfMS) is a solution designed to facilitate the automation, coordination, and management of various business processes or workflows within an organization. It enables the design, execution, monitoring, and optimization of workflows to enhance efficiency, collaboration, and control of work processes.^2,3 Further, WfMS are rapidly evolving and increasingly used in a variety of industries to automate and control business processes, which allows organizations to increase their workflows resiliency.^3,4 Therefore, Organizations are able to extend their business process from an internal workflow level to a larger external inter-organizational workflow level.¹ Thus, they could thereby adapt to highly dynamic environments and abrupt changes, such as those that occur during epidemic crises.⁵ Additionally, inter-organizational collaboration enables organizations to meet new market challenges, perform workflow re-engineering, complete workflow execution, lower production costs, and improve service quality.

However, the security risk remains the biggest challenge in collaborative environments with a dynamic management strategy and complex security policy for data/resource protection. Moreover, data breaches and cybersecurity threats are increasing every year with a high number of attacks recorded in 2020 during the COVID-19 pandemic.⁶ Thus, a multitude of attacks against industries with a focus by cybercriminals on the healthcare industry given the huge amount of confidential patient data and human life factor in play.^6,7 Therefore, the enforcement of the security policy and security constraints in IOW to ensure confidentiality, privacy, and data availability –especially in healthcare– is necessary. However, enforcing these constraints can result in a stalemate situation in which no user is authorized to execute the current workflow task, thus losing workflow resiliency.⁸ Therefore, the tradeoff between ensuring IOW security and the termination of the IOW execution is a very challenging research problem.^5,9

Regardless, of the proposed approaches in the literature for the workflow satisfiability problem (WSP) or the workflow resiliency problem, the majority of the research work provides solutions for a complete workflow execution with authorization policy and security constraints in intra-organizational workflows.¹⁰ This gap is particularly pronounced in scenarios such as pandemics, where the need for agile and secure collaboration across different organizations is crucial. This observation forms the core problem statement of our research, emphasizing the need for approaches specifically tailored to inter-organizational workflows under dynamic conditions.^11,12

Therefore, our proposed approach introduces an innovative algorithm to select the optimal task-organization assignment plan from a network of collaborating organizations in a shared Inter-Organizational Workflow (IOW). This approach is unique in its integration of the task priority concept, multi-criteria decision method (MCDM), and Bayesian inference, aiming to minimize the risk associated with the Workflow Satisfiability Problem while adhering to IOW security constraints and access control policies. Additionally, the proposed approach proposes an optimal selection of delegates for task-organization assignments as a mitigation to maintain workflow continuity. Furthermore, our research enhances decision-making in these environments by employing a Hybrid Multi-Criteria Decision-Making model that combines the Analytical Hierarchical Process (AHP) with the Grey TOPSIS Technique. This synthesis, along with the incorporation of task priorities and security criteria informed by Bayesian Inference, aligns closely with organizational objectives and security goals. Collectively, these elements constitute a comprehensive framework prioritizing security parameters in decision-making, thereby contributing a robust solution for resilient inter-organizational workflows execution.

The remainder of this paper is structured as follows: We first present the security and resiliency requirements of inter-organizational workflows. This is followed by a post-pandemic analysis of security issues for inter-organizational collaboration. Next, we review related works in the literature. Our approach is then presented, illustrated through a healthcare use case. Finally, the paper concludes with a brief summary and outlines future research directions.

Inter-organizational workflows security and resiliency requirements

Workflow management systems are very popular and largely used by organizations to achieve business objectives and improve their productivity.¹¹ Moreover, workflows play a central role in the strategies adopted to address global challenges allowing organizations to enhance the efficiency of their business processes. Furthermore, in the majority of data-driven research disciplines, scientific workflows are utilized to perform complex analyses on a multitude of distributed resources.^12,13 Additionally, they allow collaboration between several partners to execute tasks in complex and dynamic environments using inter-organizational workflows.¹⁰ However, to ensure organizations information systems security and data confidentiality, it is necessary to use security constraints and access control models to enforce the security policy.¹⁴ However, the enforcement of the security policy affects the IOW resiliency and management flexibility.

Access control policies and security requirements

Many research papers in the literature proposed different access control models to describe security policies in the context of workflow systems.^15–17 Besides traditional well-known access control models, there are many others developed recently to match advanced security requirements.¹⁸ The majority of the proposed access control models are adaptations of the Role Based Access Control model (RBAC),¹⁹ which allows users, tasks, role associations, and permissions to be modeled.

Access control is “…a process to determine who does what to what based on a policy”.²⁰ Access control helps to avoid data breaches and information leakage, more it also prevents data alteration by potentially malicious parties.²¹ Thus, the access control model allows the enforcement of access rights, which are defined according to a specific authorization policy.²¹ The most important security measure to consider in an organization’s workflow authorization system is Access Control.^14,17 It ensures data security, protects resources and prevents unauthorized access by defined subjects to confidential information.²¹

Moreover, access control models enable organizations to enforce other security concepts required for workflow systems security. They facilitate the definition of security policies and the formulation of security principles such as the Separation of Duties (SoD), which prevents users or organizations from being assigned conflicting duties (tasks with conflict of interest).²² Also, the Binding of Duties (BoD) constraint, demands that the same user or organization must execute a specific set of tasks.¹⁴ Furthermore, access control requirements like policies cohabitation, interoperability, and privacy are necessary for IOWs where the participating organizations (i.e., partners) are not necessarily known prior to the IOW execution. In addition, the dynamic aspect of the IOWs allows partners to join or leave the collaboration.²³ Thus, workflow administrators have to deal with the complex management in a business environment and the interactions between different organizations.²³ Therefore, selecting the most appropriate partners who meet the workflow specifications, security requirements, and access control policies is crucial to a successful and secure inter-organizational collaboration.^5,23

Collaborators play a major role in the completion of the workflow execution. However, they represent a risk to workflow security and resiliency. For example, during the pandemic, remote working from home leveraged many security concerns for the organizations’ data.²⁴ Thus, the IOW system’s security highly depends on its partner’s security. Therefore, in order to prevent organizations from executing conflictual tasks or holding conflictual roles. Workflow administrators implement rigid security policies and enforce security constraints like entailment constraints (i.e., SoD, BoD),⁴ to ensure secure workflow tasks execution in distributed organizations.^25,26 Although, strict security enforcement may cause the workflow satisfiability problem and prevents workflow execution termination which is not tolerated in workflows that had a major impact on organizations in industries providing critical services such as healthcare, banking, etc.⁵

Workflow satisfiability problem

In many circumstances, the execution of IOW depends on a number of parameters and environmental factors that are difficult to fulfill. Firstly, the workflow execution must meet workflow criteria and business objectives to ensure a timely termination of the workflow instance execution.²⁷ However, for security considerations, it is necessary to apply access control restrictions to prevent unauthorized access to workflow resources and ensure a safe and secure workflow execution, especially in dynamic environments during a crisis.²² Therefore, because of the restrictive authorization policy, and security constraints some participating organizations may be designated unavailable for some tasks in the IOW.

Moreover, early IOW task assignments may cause collaborators to be unavailable for other task assignments in the IOW due to the conflict of interest. This workflow situation is known in the literature as the workflow satisfiability problem, an interesting problem in information security and access control systems that have been shown to be NP-hard.^4,28 The basic form of a WSP instance is defined by a partially ordered set of tasks in a workflow instance that must be completed by users/organizations under particular authorizations and security constraints.²⁹ Thus, the WSP is a problem of finding an assignment of users to tasks so that all authorization constraints are satisfied.^4,5,28 In other words, resolving WSP is to ask whether there is a valid plan of assignments where all authorizations and all constraints are satisfied.²⁷ As described in³⁰ a valid plan of assignments is a plan that is both authorized and eligible.

Furthermore, the authors in³¹ distinguish between two forms of WSP. The classical form is in which we have to find authorized and eligible assignments of tasks to users (i.e., a plan) that satisfies all the constraints, but the availability of users/organizations is controlled (assuming they will be always available). The second form is where the availability of users/organizations is not controlled (at any moment they may become absent), thus we have to deal with uncertainty to ensure complete execution of the workflow with regard to the security policies.

In dynamic environments such as IOWs, where organizations’ availability as collaborators changes frequently, the WSP is known also as the workflow resiliency problem.³¹ To understand this concept, a resilience system “is a system with an objective to survive and maintain function even during the course of disruptions, provided with a capability to predict and assess the damage of possible disruptions, and enhanced by the strong awareness of its ever-changing environment and knowledge of the past events, thereby utilizing resilient strategies for defense against the disruptions”.^32–34 The workflow resiliency problem is an extended version of the WSP adding the assumption that organizations availability changes during the run-time of the workflow. Thus, workflows that are satisfiable at administration-time may become unsatisfiable during run-time.^5,9,35 Therefore, a resilient workflow is considered satisfiable but vice versa does not hold.³¹

Based on the user availability, the authors in,⁴ defined three levels of resiliency. The first form is static resiliency where workflow users or organizations for IOW may be absent prior to the execution of the workflow instance. The second form is decremental resiliency where users/organizations may be absent before or during the workflow instance execution and they do not become available again. The third form is dynamic resiliency where users/organizations’ availability changes, thus they may be absent and become available again prior to or during the workflow execution. Moreover, checking static workflow resiliency for a given access control state is NP-hard, while decremental and dynamic resiliency are PSPACE-complete.⁴

To optimize partner selection for collaboration as well as to ensure secure inter-organizational collaborations, IOW systems must be adaptable with efficient access control management.^9,23 Furthermore, because collaborative environments are very dynamic, IOW systems must be designed with mechanisms to address the workflow resiliency problem. As a result, IOW systems can deal with unexpected shifts or even pandemics like COVID-19. Furthermore, they help organizations keep their operations running and ensure service continuity.

Post-pandemic analysis of the security issues for inter-organizational collaboration

Many healthcare providers (hospitals, clinics, insurance companies, etc.) struggle to have an accurate and timely transmission of medical records since people were often sent to the hospital with a packet of medical paper records which can easily be lost or misplaced in the emergency room.³⁶ Moreover, during the COVID-19 pandemic with all the restrictions to limit the possibility of viral transmission via fomites, medical records exchange was logistically problematic and time-consuming which complicated the situation even more.³⁶

A shift in organizations work model

The COVID-19 pandemic changed all aspects of life and business work ethics all over the world and caused a global quarantine with people in lockdown and millions of deaths.³⁷ As a consequence, a huge number of businesses did not survive the social and economic crisis.²⁴ Hence, the impact on individuals, organizations, and governments was expected to continue for a long time.³⁸

The crisis forced organizations to innovate and look for alternative strategic solutions as new business models adapted to crisis management and future big challenges, not only alternative solutions to struggle for survival waiting for the hard circumstances to change or the end of the pandemic.³⁹ Therefore, many organizations have managed the situation during the pandemic and switched their work model to make use of digital technologies, cloud computing platforms, and inter-organizational workflow systems for collaborations. A transformation that was important during the COVID-19 pandemic and impacted positively a wide range of industry stakeholders.^1,40 Further, to cope with sudden changes in business work models, there was an increasing need for inter-organizational collaborations.⁴¹ Organizations with implemented information systems were able to rapidly adapt to the new work model situation and allow their employees to work remotely and collaborate with other organizations to help in vaccine development, limit the spread of the virus, and elevate the health concerns of the public.²⁴

Furthermore, the use of collaboration management systems such as the IOW gives organizations a great solution for safe data sharing with flexible management of shared tasks, especially for the healthcare industry.³⁶ Since IOW helps to manage communication and exchanges between different collaborators by connecting their Electronic Health (e-Health) Systems (EHS). Thus IOW provides the flexibility and agility to respond to changing environments –like remote work during the pandemic-with an efficient and secure way for patient data exchange between different healthcare partners (collaborators), including hospitals, clinics, laboratories, nurses, doctors, lab. technicians, receptionists, emergency services and insurance companies.^8,23,42 In healthcare the focus on collaboration is to improve relationships and trust between collaborating entities, further, it aims to ensure a continuity of care quality for the patient, especially during challenging circumstances like the COVID-19 pandemic.³⁶

As a result, collaborating organizations in various industries were able to continue operating and providing essential services (telehealth, online education, News updates, social connectivity, entertainment, etc.), which greatly aided decision-makers during pandemics and facilitated crisis management.^24,40,41

Organizations security and privacy issues during the pandemic

The critical need for virtual work environments during the pandemic has pushed many organizations to respond quickly. Thus, organizations tried the digitalization of essential services and adopted remote working to ensure business continuity and service availability. Consequently, organizations implemented insufficient security measures for remote work, which cybercriminals can easily exploit outside the security protections provided by the organization’s internal infrastructure and information systems.²⁴

Furthermore, during the pandemic, cyber-threats have grown at a phenomenal rate, which challenged organizations’ new work model and security strategy to provide safe and reliable access to confidential data and resources, especially since personal data continues to be a lucrative target to hackers.⁴⁰ Despite the suffering people are living because of the pandemic; cybercriminals were taking advantage of the situation. Thus, threats escalated dramatically with an alarming high volume of COVID-19-themed scams, malware, and phishing emails exploiting the increasing reliance on information systems and electronic communication networks.²⁴

Every year IBM Security publishes a research report conducted by the Ponemon Institute on the cost of a data breach. In 2020 the year of the pandemic, some of the key findings of the research report on the impact of COVID-19 is that in response to the pandemic, 54% of organizations required remote work. Also, 76% of those organizations said that remote work increases the time to detect and contain a data breach, and 70% said it increases the cost of a possible data breach.⁶ Furthermore, the annual report presented three primary categories of root causes of a data breach in 2020. Thus, 52% of incidents are from malicious attacks, 25% are caused by system glitches, and 23% are caused by human error.

As shown in Figure 1, data breaches root causes vary from one industry to the other. The highest percentage of malicious attacks affect technology, transportation, retail, and financial organizations. Whereas the highest percentage of data breaches caused by human error affect entertainment, education, pharmaceuticals, and healthcare.⁶ Moreover, malicious attacks were the most expensive breach root cause, costing an average of $4.27 million, nearly $1 million more than system glitches or human error.⁶

Figure 1.

IBM security report for data breach root causes by industry.⁶

The majority of these sectors are frequently targeted by cybercriminals for the high value of data and information shared in their systems. Since data and Information technology play a strategic role in industries characterized by high information intensity. Thus, the value of Information technology is very high for industries where data and information processing is required to efficiently and effectively manage their activities and business processes.³⁹ The authors in³⁹ presented a three-dimensional information intensity matrix that reflects the nature of the product/service associated with a level of information intensity for different industries.

As described in Figure 2, We can clearly see that Healthcare, Banking, and Media industries which figure in the sixth block of the matrix represent the industries with the highest level of information intensity of process and product/service, which make those industries essential in today’s world.³⁹ Also, it reflects the high amount of data circulating in their information system as they make use of technologies in their daily workflows. Thus, it confirms why those industries are highly targeted by cyberattacks as shown in Figure 1.⁶

Figure 2.

Industries information intensity matrix.³⁹

According to the IBM security cost of data breach report published in 2021,⁷ the average cost of a data breach across all industries increased from $3.86 million in 2020 to $4.24 million in 2021. Moreover, the cost of Healthcare data breaches increased by 29.5% to an average of $9.3 million per incident, up from $7.13 million in 2020.⁷ Thus, the healthcare data breach average percentage is roughly three times greater and twice as expensive as the worldwide industry average. Furthermore, the most common root causes of data breaches in 2021 were 20% for compromised credentials, 17% for Phishing attacks, 15% for cloud misconfiguration, and 4% for compromised business emails.⁷ Additionally, the 2022 IBM report records a very high increase from last year of 12.7% in the average global cost of data breaches reaching $4.35 million.⁴³ Further, the top three industries affected in the 2022 report are healthcare, financial, and pharmaceuticals, each of these are part of critical infrastructure sectors as we presented earlier. Figure 3 shows the average overall cost of data breaches, with the healthcare industry recording a 9.4% increase over the previous year and the financial sector experiencing a 4.4% increase. While the average total cost decreased slightly in the pharmaceutical industry.⁴³

Figure 3.

Top industries in the average total cost of a data breach - measured in US$ millions.

The top four initial attack vectors of data breaches identified in the 2022 report are the same as those identified in IBM’s 2021 report. The first most common attack vector reported is compromised credentials with 19% of breaches, and the second is phishing attacks accounted for 16% of breaches. More, the global average cost was calculated as $4.02 million with an increase to $4.99 million when remote work conditions were regarded as a cause triggering the data breach.⁴³

The presented statistics and the information matrix gives an insight into the impact of the pandemic on different industries’ business models.³⁹ For example, in many countries where healthcare systems are traditional, a large group of patients has been heavily affected. As healthcare workers were exhausted caring for COVID-19 patients, thus routine health services for ongoing care and long-term treatment such as specialized cancer consultations have been suspended.⁴⁴ On the other hand, healthcare organizations that are equipped with Electronic healthcare systems (EHS) or used Information and Communication Technologies have effectively addressed the challenges during the pandemic. Thanks to the features that ensure patient data availability and the possibility for resource sharing and access anywhere.⁴¹ This helps the collaborating organizations to provide essential care efficiently and improves healthcare quality, treatment procedures, and reduces care cost and time.⁴⁵ Hence, healthcare organizations were able to redesign their care model enhancing communication and collaboration, redeploying staff, ensuring patients care continuity, and overcoming financial loss.^41,45

Therefore, thinking about restructuring healthcare systems or any other industry with a high information intensity of processes and products/services to maintain functional business operations during crisis situations is very important. Regardless of the advantages, the openness of technology and services digitalization leverages the security and privacy concerns -such as access control, trust, authentication, data sharing and transmission, delegation, data confidentiality, and integrity, - especially in highly dynamic environments with all the sudden changes and environment variability as in crisis situation.^1,40 As a result, during the COVID-19 epidemic, data sharing, and business collaborations become increasingly crucial and very challenging for several organizations. Therefore, the adoption of inter-organizational authorization systems and cloud-based platforms could help to enhance security and prevent data leakage, which encourages collaborations but these are not the only concerns.⁴⁰

The pandemic showed the necessity today for information systems and inter-organizational collaboration that allows enterprises to work with other partners sharing their expertise and resources to achieve common goals. Moreover, the pandemic proved for organizations the necessity to consider risk management and to have business continuity and incident response plans. Furthermore, enforcing access control authorization policy and security requirements to improve an organization’s security is a recommended practice. However, organizations must guarantee that their workflows are fully executed and met their business objectives according to the workflow specifications. Moreover, organizations have to manage security and workflow specifications to avoid the WSP, thus they avoid the violation of the access control authorizations to terminate the IOW execution.^4,5,10 Thus, finding the balance between security, privacy, and workflow specification is vital for a successful secure resilient workflow for collaborating organizations. Therefore, organizations have to rethink their business models in order to capitalize on digitization toward a secure and flexible inter-organizational collaboration system adapted for dynamic environments and challenging circumstances.

Related works

Numerous authors in the literature have studied and experimented with various methods to solve the WSP. Among these approaches, we identified in the literature the Fixed parameter tractable (FPT), model checking, quantitative approaches, delegation mechanism, etc.⁴⁶

Wang and Li proposed an interesting work in,⁴ in which they use parameterized complexity methods to evaluate the computational complexity of the WSP with multiple input parameters. The authors demonstrated the NP-completeness of the WSP and proved its FPT. Thus, efficient algorithms to solve WSP are conceivable when just inequality and equality relations (SOD/BOD) are considered. They also demonstrated that the usage of user-defined relations renders WSP non-FPT.⁴ The authors developed an approach for executing an FPT reduction of the WSP to SAT in order to solve the WSP using the SAT solver.⁴

Crampton et al. in,²⁸ enhanced Wang and Li’s findings by introducing counting constraints (a generalization of the cardinality constraints), and considering entailment constraints to represent other types of requirements. The authors demonstrated that counting constraints had no effect on the WSP’s fixed-parameter tractability. As a result, the WSP remains FPT for every constraint whose fulfillment is dependent on the action of a single user.²⁸ Therefore, Crampton et al. reduced WSP to a Max Weighted Partition problem, to ensure that WSP instance is FPT, allowing the development of an FPT algorithm to solve the WSP.

In²⁷ Cohen et al. used a constraint satisfaction problem (CSP) approach and the concept of plan-indistinguishability to create an algorithm that can handle a wide range of workflow constraints. As a result, the authors suggested a general method that incrementally builds executions, eliminating partial executions that can never match the criteria. Moreover, they demonstrated that the method could be improved for a wide range of user-independent constraints as well as unions of different constraint types. Furthermore, the authors showed that the algorithm is FPT for equivalent relation constraints and their union with user-independent constraints.

Karapetyan et al. in,⁴⁷ proposed a faster algorithm with only polynomial-space complexity. The presented FPT algorithm solves WSP with user-independent (UI) constraints exploiting two levels of decomposition and supported by heuristics. The Pattern Backtracking (PBT) algorithm handles the decomposition of WSP into two levels. The upper level corresponds to UI constraints where decisions can be encoded with a pattern. The space of the upper-level solutions has a size exponential in k not depending on n. While the lower level corresponds to user assignments where authorizations are user dependent, and thus cannot be handled with patterns. The lower level can be reduced to a bipartite matching problem which admits a polynomial-time algorithm. Thus, PBT has a running time exponential in k only.⁴⁷

Gutin et al.⁴⁸ explored the kernelization of the WSP for a variety of algorithms and showed that the algorithms in^27,28 for solving the WSP for regular and user-independent constraints are most likely optimal. In addition, authors in³⁰ showed that algorithms to solve WSP in a running time of $O^{*} (c^{(k \log (k))})$ for any constant $c < 2$ does not exist unless the strong exponential time hypothesis (SETH) fails. However, the algorithm proposed by Karapetyan et al. in⁴⁷ are of running time $O^{*} (2^{(k \log (k))})$ , and as stated by²⁹ the theoretical running time of the basic pattern algorithm and the pattern backtracking algorithm is $O^{*} (2^{(k \log (k))})$ and thus PBT is very likely to be optimal and much more efficient in practical computing. Since, PBT allows to avoid generating all different patterns for unsatisfiable instances and many patterns for satisfiable instances, which results in solving the instances faster and for larger values of k.²⁹

Mace et al. introduce the concept of quantitative resiliency⁴⁹ and studied the resiliency problem quantitatively focusing on decremental and dynamic resiliency.⁴ As a result, the workflow resiliency problem was reduced to that of solving a Markovian Decision Process (MDP). The authors developed metrics to evaluate the resiliency of a workflow, and the likelihood of workflow execution termination for a given security policy and user availability model. In,⁵⁰ Mace et al. enhanced the proposed approach to take into consideration workflow with choice and provide resiliency values for each execution path. Therefore, they define a metric -resiliency variance-for workflow failure analysis to help predict an appropriate mitigation strategy.⁵⁰

In⁵¹ the authors defined the Bi-Objective WSP (BO-WSP), which helps in analyzing a variety of problems relating to workflow satisfiability. Thus, they have developed fixed-parameter tractable algorithms to solve BO-WSP, which means the possibility to solve many instances of BO-WSP with parameters that take values as it would be expected in practice like a larger number of users compared to the number of steps.⁵¹ Moreover, inspired by the work of Mace et al.⁴⁹ the authors developed a new model for quantifying workflow resiliency based on probabilities associated with the unavailability or availability of users to expect the number of steps that will be executed for a given plan.

The author in⁹ presented an approach that employs the delegation mechanism to improve the resiliency of workflow systems and uses the task priority concept to find appropriate delegatees. Moreover, the approach helps to decide which task instance to suspend if necessary in order to avoid the WSP at run-time. The delegatees are chosen based on their suitability but may lack competence, which is “the price to pay” for resiliency.⁹ The delegation process takes place at the task level, thus it is not clear whether a workflow can still complete its execution while meeting security constraints.

In,⁵ the authors presented an approach based on the workflow criticality metric to prevent the WSP. They have enhanced and redesigned the proposed approach and concepts in.⁹ Thus, the new proposed approach aims to predict the workflow risk of failure before implementation.⁵ Hence, tracking probable workflow execution failures during run-time will help workflow managers to design flexible and resilient workflows.⁵ Further, the authors proposed an algorithm that combines workflow criticality, priority concepts, users’ availability, etc.⁵ To bypass the WSP and search for a potential delegate that represents a low-security risk of execution failure for the critical task.⁵

The authors in,¹ proposed RPMInter-Work, a multi-agent approach for planning task-role assignments in constrained inter-organizational workflow and security authorization limitations associated with task-role assignments. The proposed approach aims to define a valid role plan that ensures that each workflow task is performed by an authorized role and that this authorization does not block the execution of other workflow tasks.¹ The authors formulated their approach as a planning problem similar to a DisCSP which is solved using the DOC-SAT approach while respecting the privacy of the participating organization.¹ However, the approach presents some limits when the planning problem is over-constrained and there is no viable role plan that satisfies all of the required authorization restrictions.¹

Resilient assignment plan selection approach for IOWs

In this section, we describe our proposed approach to find the best plan of task-organization assignments for IOW complete execution that represent a low risk for WSP to occur. The proposed approach uses a task priority concept,⁵ and a multi-criteria decision method (MCDM),²³ that combines AHP and Grey TOPSIS methods to rank collaborators for tasks suitability from a security perspective,.^52–54 Moreover, we evaluate the risk of assignments for a critical task instance using Bayesian inference to select the best organization with a low risk of WSP for each task.^55,56

Background and motivating example

We consider a workflow schema to define an inter-organizational as a tuple W (T, O, A, C). A workflow schema contains T the set of tasks in the workflow, and O the set of organizations in the partner network. Also, we have A (t) the authorization list for each task instance t where A = {A (t), t ∈ T}, and C the set of workflow constraints applied to tasks in W, thus we denote C (t, t’, c) for the constraint c to satisfy when assigning an organization to tasks t and t’.

As a running example, we consider the inter-organizational workflow in Figure 4 which is inspired by the healthcare environment for patient diagnosis and treatment. The considered IOW schema W (T, O, A, C) contains five tasks T = {T1, T2, T3, T4, T5}, and a set of collaborating organizations from the partner network O = {O1, O2, O3, O4, O5, O6} to execute tasks in T. Moreover, the inter-organizational workflow is an abstraction of a healthcare process presented in Figure 5 and which may involve different healthcare organizations (hospitals, clinics, laboratories, insurance companies, etc.). This process takes place as follows:

- Starting from task T1 with the registration of a patient in a healthcare facility, either in a Hospital ER or Clinic care. Then proceed to patient examination.

- After examination a patient diagnostic report is created, and a simultaneous signal is sent to start T2 for laboratory tests if needed and T4 to check the patient’s medical insurance.

- After receiving the patient’s diagnostic and lab. test results, the execution of T3 starts. In T3 a doctor or medical specialist reviews the patient’s medical reports and creates a specialized medical report.

- The final part of the process starts the execution of T5 to administer a treatment plan for the patient after receiving and reviewing the specialized medical report and the medical insurance decision.

Figure 4.

Inter-organizational workflow for patient diagnostic and treatment.

Figure 5.

Healthcare process for patient diagnostic and treatment.

The set of collaborating organizations were added to the partner network after a procedure of security, privacy and trust verification in order to be part of the collaboration network. The partner network contains organization profiles to choose from for potential collaboration in the inter-organizational workflow.²³ Furthermore, the workflow tasks have to be executed under a predefined set of authorizations A(T) for organizations, and with respect to constraints C on Tasks. The authorization lists in our example for the tasks set T = {T1, …, T5} and the Organizations set O = {O1, …, O6} are as follows described in Table 1, where one indicates that the given organization is authorized for the given task and 0 otherwise.

Table 1.

Workflow tasks authorization lists.

A (T)	O1	O2	O3	O4	O5	O6
T1	0	1	1	1	0	0
T2	0	0	0	1	1	1
T3	1	1	1	0	0	0
T4	1	0	0	0	1	0
T5	0	0	1	1	0	1

The constraints C on tasks that have SoD constraint and should be assigned to two different organizations with non-conflictual roles are denoted C (t, t’, ≠) and constraints that have BoD constraints and should be assigned to the same organization are denoted C (t, t’, = ).¹⁴ Thus, constraints C on tasks in our running example are as follows:

- T1 (Hospital/Clinic) and T4 (Medical Insurance) constraint is C (t1, t4, ≠);

- T3 (Medical Doctor/Specialist) and T5 (Treatment plan) constraint is C (t3, t5, = );

- T4 (Medical Insurance) and T5 (Treatment plan) constraint is C (t3, t5, ≠).

- For T2 (Laboratory/Radiology Services) there is no constraint applied on it.

Task priority concept

In this section, we present a task priority algorithm, a concept defined in⁵ and which evaluates task priority depending on task characteristics and task deadline. We define a workflow task as tuple T (W, A, D, H, C, T-kind), Where the workflow containing the task T is W and A for the authorizations list for organizations in the partner network. While the number of days to terminate a task is D, and H for the total work hours needed to complete task T. Moreover, we have C to represent the security constraints applied to the task. Finally, T-kind defines the task characteristics as described in,⁹ it takes a binary number and each digit represents a characteristic with one if it holds 0 if not.

The workflow manager specifies the characteristics of each task in the workflow during administration-time. The task characteristics used to quantify the priority of a task are optional/obligatory, delay-sensitive/Non-delay-sensitive, delegable/non-delegable, interruptible/non-interruptible, and preemptable/non-preemptable. An optional task means that the task is by default interruptible, thus the task execution can be paused and resumed later. A delay-insensitive task is a task that has no time execution constraints. While a preemptable task is a task for which the user starting its execution can be replaced. Finally, a delegable task is a task with no confidentiality constraints that prevent its delegation.

Furthermore, with the exception of a task's delay sensitivity, most of the characteristics are unchangeable throughout workflow execution. Because it is a time restriction that indicates the execution time of a task and the remaining time before the deadline. As a result, a non-delay-sensitive task becomes delay-sensitive as it gets closer to its deadline.

Accordingly, the algorithm for task priority verifies task execution remaining time to its deadline and considers tasks with 50% to their deadline as delay-sensitive. While tasks with 75% to their deadline as delay-sensitive and non-preemptible. The following algorithm 1 we propose is an enhanced version of the task priority algorithm in⁵ to identify task Pr(T) values.

The algorithm defines Pr(T) values in [0, 1] and it is designed to cover all the possible combinations of the task characteristics in T-Kind. Thus, the algorithm takes a set of tasks and their characteristics and returns task priority value for each task in a workflow schema W. In the first step of the assignment plan selection approach we apply the presented concept to the health care running example presented earlier.

Assignment plan selection approach

As presented earlier in this paper about the workflow satisfiability problem, executing inter-organizational workflows depend on different variables and conditions that may be hard to satisfy. Therefore, in many cases the workflow managers violate security constraints to complete the workflow execution, thus unavailable organizations are allowed to execute critical tasks in the workflow. The violation of security constraints to bypass WSP opens the system to a potential privacy violation and data breach. Since inter-organizational workflow enhances workflow resiliency throw a secure collaboration system which helps to provide high-quality services and products. However, it's necessary to have algorithms to help bypass the WSP by finding assignment plans that balance the trade-off between enforcing security constraints, workflow specifications and ensuring a complete successful workflow execution.

Therefore, the approach we propose uses the concept of task priority Pr(T) presented in⁵ with some enhancements as presented earlier. In addition to an MCDM method presented in^23,52 which we combine with a Bayesian inference approach. Figure 6 illustrates the flowchart of the proposed approach to select the best plan of collaborating organizations from the partner network to execute the IOW with the lowest risk possible that the WSP occurs.

Figure 6.

Inter-organizational workflow assignment plan selection approach.

Step 1: Ordering tasks using the priority concept

Figure 7 represents the first step in the approach described in Figure 6. This step of the approach uses the tasks priority concept to create an ordered set of tasks based on task priority values which reflect the risk of failure for each task based on its characteristics, and the security constraint applied to each task in the IOW. Thus, the first step of the approach provides an ordered set of tasks from the task with high priority to the lowest one in the IOW.

Figure 7.

The first step of the approach for task ranking using task the priority concept.

Applying the first step to the running example presented in we get the following results presented in Table 2 which describes the T-Kind characteristics and the evaluation of the task priority for each task in the IOW running example, using algorithm 1.

Table 2.

The task priority values Pr (T) of the Healthcare IOW running example.

Tasks	Opt/Obl	DSen/N-DSen	Delg/N-Delg	Pre/N-Pre	Pr (T)
T1	1	0	0	0	0.6
T2	0	0	0	0	0.05
T3	1	0	0	1	0.8
T4	1	1	0	0	0.2
T5	1	0	1	1	0.8

To visualize the task’s priority and the impact of the security constraints applied to each task in the healthcare running example in Figure 4. We use a risk matrix that associates task priority to a level of risk (low, medium, important, high and critical) as illustrated in Figure 8.

Figure 8.

The risk matrix of the tasks in the workflow running example.

In Figure 8, the highest risk of failure is associated with task T5 with a high Pr(T5) = 0.8 and both SoD and BoD constraints. Also, task T3 has a high Pr(T3) = 0.8 and SoD constraint, thus they are ranked with high risk in the matrix. The task T2 represent the lowest risk since its Pr(T2) = 0.05 with no security constraints, while the tasks T4 and T1 represent a medium to important risk for the IOW execution.

Step 2: Bayesian inference on organizations’ availability

The second step presented in Figure 9, describes the Bayesian inference method which uses Bayes’ theorem in equation (1) to compute the organizations availability for each task given the security constraints applied on the task for the inter-organizational workflow execution. Therefore, to explain the second step of the approach we will generalize the concept of bias using our running example assuming that an organization with a bias of 0.5 will be available for the IOW execution half of the time.

P (θ | y) = \frac{P (y | θ) P (θ)}{P (y)}

(1)

According to Bayes’ theorem in equation (1), we must specify the prior

P (θ)

and the likelihood

P (y | θ)

that will be used in our model. For the marginal likelihood generally, it is considered as a normalization factor. Further, when analyzing the posterior distribution, we are more concerned with the relative values of the parameters rather than their absolute values.⁵⁶ Thus, we can write Bayes' theorem as a proportionality:

P (θ | y) \approx P (y | θ) P (θ)

(2)

Figure 9.

The second step of the approach for the Bayesian inference of organizations availability.

Accordingly, assuming that collaborating organizations for the IOW execution do not affect each other’s availability. Thus, we consider the organization's availability as a random variable that is independently and identically distributed (iid). Given these assumptions, the Binomial distribution is a good candidate to use in our model. Therefore, in a formal notation if X is a binomial random variable for organizations availability with parameters p and N, denoted $X \sim B i n (N, p)$ , then X is the number of events that occurred in the N trials (0 ≤ X ≤ N).⁵⁵ Thus, equation (3) represents the probability mass distribution:

P (X = k) = (\begin{array}{l} N \\ k \end{array}) p^{k} {(1 - p)}^{N - k}

(3)

Moreover, in relation to Bayes’ theorem, equation (4) represent a discrete distribution that returns the probability $P (y | θ)$ out of $N$ trials or experiments given a value of $θ$ . Moreover, $P (y | θ)$ is the likelihood model we use in our approach to model organizations availability for a task execution in the IOW using the Binomial distribution, and we denote $Y \sim B i n (N, p = θ)$ .

P (y | θ, N) = \frac{N!}{y! (N - y)!} θ^{y} {(1 - θ)}^{N - y}

(4)

Furthermore, for the prior $P (θ)$ we use the Beta distribution in equation (5), which is a relatively common distribution in Bayesian statistics used as conjugate prior to a binomially distributed likelihood.⁵⁶ The prior $P (θ)$ in our proposed approach models our prior knowledge about how security constraints on tasks in the IOW affect organizations availability, and we denote $θ \sim B e t a (α, β)$ .

P (θ) = \frac{Γ (α + β)}{Γ (α) Γ (β)} θ^{α - 1} {(1 - θ)}^{β - 1}

(5)

Finally, in our model in step 2, we have $θ$ which is Beta distributed with $α$ and $β$ parameters, and $y$ Binomially distributed with $N$ and $p = θ$ parameters. Therefore, to get the posterior $p (θ | y)$ we use equation (1) and multiply the terms in equations (4) and (5).⁵⁶

P (θ | y) \approx \frac{N!}{y! (N - y)!} θ^{y} {(1 - θ)}^{N - y} \frac{Γ (α + β)}{Γ (α) Γ (β)} θ^{α - 1} {(1 - θ)}^{β - 1}

(6)

Thus, we simplify the expression in equation (6) and drop all the terms that do not depend on theta for practical concerns. The results will still be valid and we get:

P (θ | y) \approx θ^{y + α - 1} {(1 - θ)}^{N - y + β - 1}

(7)

The posterior $P (θ | y)$ is a probability distribution for $θ$ in our proposed model, and it balances between the prior and the likelihood (our sampling model). Conceptually, the posterior represents an updated prior given the data we have.⁵⁶ Thus, we can use the posterior from one Bayesian analysis as the prior for the next analysis and enhance our model for the analysis of newly available data about task security constraints and organizations availability.⁵⁶

We present the results of step 2 for the running example presented earlier. As we have described, to model our likelihood $P (y | θ)$ , in Figure 10 we have used the Binomial distribution to generate a set of data that reflects how the security constraints on tasks in the IOW affect collaborating organizations availability.

Figure 10.

The impact of security constraints on organizations availability.

Further, we consider the Beta distribution for the prior $P (θ)$ and the likelihood $P (y | θ)$ as a sampling model. Thus, we generate two series of 1000 sampled values for the plausible values from posterior $P (θ | y)$ as shown in Figure 11 for each task in the running healthcare IOW example.

Figure 11.

The kernel density estimation and the sampled values for theta inference.

Therefore, to summarize the results of the Bayesian analysis performed in step 2 of the proposed approach, Figure 12 shows the posterior probability distribution for organizations unavailability for tasks T1 and T3 execution in the IOW. Moreover, Table 3 gives a detailed summary of all the tasks in the IOW running example.

Figure 12.

The posterior probability distribution of organizations unavailability for tasks T1 and T3.

Table 3.

A detailed summary of step 2 results for the IOW running example.

Tasks	Pr (T)	mean	sd	hdi_3%	hdi_97%
T1	0.6	0.558	0.084	0.417	0.726
T2	0.05	0.39	0.058	0.239	0.509
T3	0.95	0.445	0.05	0.346	0.535
T4	0.2	0.476	0.045	0.391	0.562
T5	0.8	0.539	0.041	0.464	0.618

Step 3: Ranking organizations using AHP and grey TOPSIS method

The third step of the approach presented in Figure 13 allows ranking authorized organizations for each task in the IOW based on the security constraints needed for secure collaboration between participating partners in the execution of a shared IOW. Thus, this step of the approach uses a hybrid Multi-Criteria Decision Method (MCDM) approach presented by the authors in.²³ The hybrid MCDM approach combines the Analytical Hierarchical Process method (AHP), with the Grey Technique for Order of Preference by Similarity to Ideal Solution (Grey TOPSIS).⁵²

Figure 13.

The third step of the approach using AHP and grey TOPSIS for organization ranking.

The AHP method allows calculation weights for each criterion necessary to ensure secure collaboration between participating organizations in the execution of the shared IOW. Moreover, as described by the authors in,²³ the necessary security criteria for collaboration in the IOW are Cr1 = security level (SL), Cr2 = privacy compliance level (PCL), Cr3 = policy similarity level (PSL), Cr4 = trust and reputation level (RL), etc. Thus, the AHP method uses a pairwise comparison matrix of the security criteria required for partner (collaborators) selection for the IOW. Further, the pairwise comparison matrix is made by domain experts and workflow managers, to reflect the level of importance for each security criterion compared to the others.

Therefore, we consider the following pairwise comparison matrix A for our IOW running example presented in Figure 4 to compute the weights for the security criteria of organizations collaboration. Thus, for the matrix A of order n = 4 we calculate the product raised to the power of 1/n for the values in each row, then we normalize the result to get a vector of weights as follows:

\begin{array}{c} C_{1} C_{2} C_{2} C_{4} \\ A = \begin{array}{l} C_{1} \\ C_{2} \\ C_{3} \\ C_{4} \end{array} (\begin{array}{l} 1 & 1 / 2 & 1 / 3 & 3 \\ 2 & 1 & 1 / 2 & 2 \\ 3 & 2 & 1 & 2 \\ 1 / 3 & 1 / 2 & 1 / 2 & 1 \end{array}) \Rightarrow \begin{array}{l} C_{1} \\ C_{2} \\ C_{3} \\ C_{4} \end{array} (\begin{array}{l} 0.19 \\ 0.27 \\ 0.42 \\ 0.12 \end{array}) \end{array}

(8)

Furthermore, to check the consistency of the judgment we calculate and check the consistency ratio $C R = C I / R I$ if it is less than 0.1 for a consistent and acceptable pairwise comparison, with RI for the Random Index, and $C I = (λ_{\max} - n) / (n - 1)$ for the consistency index. Thus, in our running example, we have RI = 0.89 for a matrix A of order n = 4 and the max value of eigenvalues $λ_{\max} = 4.225$ , then CI = 0.0851. As a result, we have a consistent and acceptable consistency ratio of CR = 0.0956 < 0.1.

The second method in the hybrid MCDM in²³ is the Grey TOPSIS method which combines the grey theory and TOPSIS method, used to rank and classify the collaborating organization by required security criteria for collaboration. The Grey TOPSIS method uses grey numbers to deal with the uncertainty and incomplete information embedded in the security-based partner selection.²³ Thus, we denote a grey number as $x \in [a, b]$ , where a is the lower limit real number and b is the upper limit real number. As a result, this combination allows to calculate and normalize the grey decision matrix. Thus, we use the weights from the AHP method and the normalized decision matrix to compute the separation measures of the positive d* and negative d – ideal alternative as defined in.²³ Finally, we use the positive and negative ideal alternative values to calculate the relative closeness $C_{i}^{*} = d_{i}^{-} / (d_{i}^{*} + d_{i}^{-})$ for each organization participating in the execution of a task T in the IOW, thus we rank the best organizations for collaboration given the necessary security criteria for collaboration.

Respectively, for example, the result of step 3 in our proposed approach for the tasks (T1 = Hospital/Clinic) and (T3 = Medical Doctor/Specialist) in the running example, and the set of collaborating organizations from the partner network O = {O1, O2, O3, O4, O5, O6}, in addition to the IOW tasks authorization list A(T) in Table 1. The following Table 4 shows the normalized decision matrix for tasks T1 and T3. Also, the used weights were calculated using the AHP method for the necessary security criteria for the authorized collaborating organizations.

Table 4.

The normalized grey decision matrix and AHP weights for T1 and T3.

		T1						T3
	Weight	Org2		Org3		Org4		Org1		Org2		Org3
SL	19.0	0.54	0.81	0.90	1.00	0.22	0.87	0.11	0.43	0.46	0.71	0.66	1.00
PCL	26.9	0.29	0.61	0.83	1.00	0.79	0.93	0.07	0.80	0.25	0.52	0.64	0.85
PSL	42.1	0.33	0.51	0.47	1.00	0.13	0.46	0.53	0.74	0.23	0.62	0.89	1.00
RL	12.1	0.70	0.92	0.05	0.32	0.11	0.90	0.75	0.96	0.42	0.97	0.30	0.76

Therefore, we use the results in Table 4 to calculate the relative closeness C* values and rank the authorized collaborating organizations for the execution of the tasks T1 and T3 in the shared IOW. Thus, the following Table 5 presents the rank of the authorized organizations for T1 and T3.

Table 5.

The relative closeness value of the authorized organizations for T1 and T3 execution.

T1	d⁻	d^*	C^*	Rank	T3	d⁻	d^*	C^*	Rank
Org2	4526	5149	0.47	3	Org1	4841	5405	0.47	2
Org3	7068	3818	0.65	1	Org2	4098	5639	0.42	3
Org4	5314	5796	0.48	2	Org3	6919	2599	0.73	1

Step 4: IOW assignment plan with low risk of WSP and delegates suggestion

The fourth and final step of our proposed approach consists in combining the results from steps 2 and 3 as shown in Figure 14. Thus, we believe that the resulting IOW execution plan in step 4 of the proposed approach represents the best plan that balances secure collaboration and resilient inter-organizational workflow execution. The use of step 3 provides a ranking of the collaborating organizations in the partner network for each task T in the IOW that satisfies the necessary security criteria for collaboration as defined by domain experts and workflow managers. Further, step 2 of the approach performs a Bayesian inference about the probability of the organization’s availability for each task in the IOW given the security requirement needed to ensure a secure IOW execution. As a result, step 2 provides us with statistical information as shown in Table 3, which we use for a variety of analyses for the IOW. In our approach, we use the mean value of the organization’s availability for a given task in the IOW, with the relative closeness value calculated in step 3 to select the best secure and resilient plan of authorized collaborating organizations for the execution of the shared IOW.

Figure 14.

The fourth step of the approach to select the best execution plan for the IOW.

Therefore, the result of the fourth and final step in the proposed approach for our IOW running example are presented in Tables 6 and 7. Thus, the provided results in Table 6 describe the combination of the results from step 3 for the relative closeness values C^* for each organization in the partner network, and the workflow tasks authorization list A(T) for the collaborating organizations presented in Table 1. More, the NA value in Table 6 means that the organization is not authorized for task execution.

Table 6.

The relative closeness value for the authorized organizations for the tasks in the IOW.

C^* × A (T_i)	T1	T2	T3	T4	T5
Org1	NA	NA	0.47	0.47	NA
Org2	0.47	NA	0.42	NA	NA
Org3	0.65	NA	0.73	NA	0.50
Org4	0.48	0.66	NA	NA	0.60
Org5	NA	0.50	NA	0.60	NA
Org6	NA	0.42	NA	NA	0.71

Table 7.

The ranking values for selecting the best plan for the IOW execution.

Table 7 describes the calculated ranking value from step 4, which allows the selection of the best plan for the IOW execution. Thus, the organizations selection value for each task in our running example combines the results in Table 6 and the mean values presented in Table 3 calculated for each task in step 2.

Therefore, from the results of step 4 presented in Table 7, the tasks ranking using priority values from step 1 and the security constraints on tasks in our IOW running example. We rank organization increasingly using their corresponding values in Table 7 for each task, thus the first ranked organizations for each task is the best organization to execute that given task. Furthermore, the proposed approach provides the most suitable delegate if exists. Thus, the next ranked organization for each task is the most suitable organization for delegation in case of changing situations or organization unavailability for any intractable raison by our approach.

As a result, the proposed approach provides an assignment plan for the IOW tasks in the following order T5 > T3 > T1 > T4 > T2 reflecting task priority from step 1. Thus, the following task-organization assignment plan П = {O3, O4, O3, O5, O3} for the set of tasks T = {T1, T2, T3, T4, T5}, is the best IOW execution plan for our running example that ensures secure collaboration and resilient IOW execution. Further, for example the proposed approach gives {O1, O2} as a list of the most suitable delegates for task T3 execution in case O3 is unavailable.

Furthermore, in our running example the task T5 has BoD constraints with T3 and SoD constraints with T4. Also, the T3 task priority value is considered critical as shown in the risk matrix in Figure 8, thus our proposed approach considers the task T5 as the first task assignment to satisfy in order to override conflicting assignments. Moreover, given the security constraints on the IOW tasks we clearly see from the result of the approach that T5 has no available delegate in case O3 is selected in the assignment plan П for any other task. Thus, the workflow managers, can also use the proposed approach as a tool to anticipate future possible blocking situations and make possible changes in the IOW tasks authorization list, the workflow authorization policy, or redesign the IOW for better results.

Conclusion and future works

In this research paper, we introduced an innovative approach for selecting a task-organization assignment plan aimed at facilitating resilient and complete inter-organizational workflow (IOW) execution. Our method emphasizes adherence to collaborative specifications, authorization policies, and security constraints, ensuring that the chosen organizations within the partner network are both authorized and well equipped to execute their designated tasks without creating conflicts in the collaborative IOW. This strategy significantly reduces the risk of workflow satisfiability issues.

Our approach, underpinned by the concept of task priority, judiciously assigns tasks based on associated risks and security constraints. We incorporate Bayesian inference to estimate the availability of collaborating organizations for each task, given the security constraints, and fuse this result with a hybrid multi-criteria decision-making framework combining Analytic Hierarchy Process (AHP) and Grey Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) methods. This integration produces a ranked list of organizations for each task, identifying the most suitable collaborators considering the security constraints. Additionally, it allows to select a secondary list of the most suitable delegates for each task-organization assignment.

The proposed framework offers managers a robust approach that allows enhancing collaborative workflow efficiency, particularly in environments where security and authorization are paramount. It provides a systematic way to evaluate and select partner organizations, thereby fostering more secure and efficient collaborative processes.

Despite its strengths, our approach is primarily based on Bayesian inference, which relies on approximating true probability distributions from available data. The accuracy of these approximations can vary, suggesting a need for more comprehensive data collection or the establishment of more informative priors for precise decision-making. Additionally, while the approach is suitable for sequential data analysis, it may face limitations in over-constrained IOWs lacking valid assignment plans that meet all security and policy requirements.

As a future direction, we aim to refine our model to overcome these limitations. Specifically, we plan to explore the integration of the Markov Decision Process (MDP) to further enhance the resilience and adaptability of IOWs under varying constraints. This exploration could potentially lead to more sophisticated and flexible models that cater to a broader range of IOW scenarios, thereby broadening the applicability and effectiveness of our proposed approach in enhancing the complex inter-organizational workflows resilience.

Footnotes

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) received no financial support for the research, authorship, and/or publication of this article.

ORCID iD

Boughrous Monsef

References

Weber

Gabriel

Lux

, et al. Business process management. Basics in business informatics. Wiesbaden: Springer Vieweg, 2022.

Van der Aalst

Weske

Wirtz

. Advanced topics in workflow management: issues, requirements, and solutions. J Integrated Des Process Sci 2003; 7(3): 49–77.

Wang

. Satisfiability and resiliency in workflow authorization systems. ACM Trans Inf Syst Secur 2010; 13(4): 40.

Jemel

Ben Azzouna

Ghedira

. RPMInter-work: a multi-agent approach for planning the task-role assignments in inter-organisational workflow. Enterprise Inf Syst 2020; 14(5): 611–640.

Boughrous

El Bakkali

. A workflow criticality-based approach to bypass the workflow satisfiability problem. Secur. Commun Netw 2021; 2021: 3330923.

Ponemon

Institute.

Cost of a Data Breach Report 2020. Sponsored and published by IBM Security. Armonk, NY: IBM Corporation, July 2020.

Ponemon

Institute.

Cost of a Data Breach Report 2021. Sponsored and published by IBM Security. Armonk, NY: IBM Corporation, July 2021.

Boughrous

El Bakkali

El Kandoussi

. The pandemic impact on organizations security and resiliency: the workflow satisfiability problem. International conference on hybrid intelligent systems, HIS. Lecture notes in networks and systems. Cham: Springer, 2021, Vol. 420, pp. 321–329.

El Bakkali

. Enhancing workflow systems resiliency by using delegation and priority concepts. J Digit Inf Manag 2013; 11: 267–276.

10.

Sha

Zhang

. Deadlock-free solution in collaborative workflow environment. In: Fifth international conference on next generation web services practices, Prague. Czech Republic. September 2009; 985–1189.

11.

Hollingsworth . The workflow reference model. The Workflow Management Coalition Specification, 1995, pp. TC00–1003.

12.

Atkinson

Gesing

Montagnat

, et al. Scientific workflows: past, present and future. Future Generat Comput Syst 2017; 75: 216–227.

13.

Dos Santos

Ranise

. A survey on workflow satisfiability, resiliency, and related problems. 2017. ArXiv Preprint arXiv:1706.07205.

14.

Boughrous

El Bakkali

. A comparative study on access control models and security requirements in workflow systems. Innovations in bioinspired computing and applications; advances in intelligent systems and computing. Cham: Springer, 2018, Vol. 735.

15.

Mohamed

AKYS

Auer

Hofer

, et al. A systematic literature review for authorization and access control: definitions, strategies and models. Int J Web Inf Syst 2022; 18: 156–180.

16.

Kizza

. Access control and authorization. In: Kizza

(ed) Guide to computer network security texts in computer science 2020. Cham: Springer International Publishing, 2020, pp. 187–206.

17.

Mitra

Sural

Vaidya

, et al. Migrating from RBAC to temporal RBAC. IET Inf Secur 2017; 11(5): 294–300.

18.

Rajpoot

Jensen

Krishnan

(2015). Attributes enhanced role-based access control model. In Proceedings of the 2015 Conference on Information Assurance and Cyber Security (CIACS) (pp. 3-17). Valencia, Spain.

19.

Smari

Clemente

Lalande

. An extended attribute-based access control model with trust and privacy: application to a collaborative crisis management system. Future Generat Comput Syst 2014; 31: 147–168.

20.

Atlam

Azad

Alassafi

, et al. Risk-based access control model: a systematic literature review. Future Internet 2020; 12(6): 103.

21.

Sandhu

Coyne

Feinstein

, et al. Role-based access control models. Computer 1996; 29(2): 38–47.

22.

Ultra

Pancho-Festin

. A simple model of separation of duty for access control models. Comput Secur 2017; 68: 69–80.

23.

El Kandoussi

El bakkali

. Security based partner selection in inter-organizational workflow systems. Int j commun netw inf secur 2022; 10(3): 462.

24.

Naidoo

. A multi-level influence model of COVID-19 themed cybercrime. Eur J Inf Syst 2020; 29(3): 306–321.

25.

Ayed

Cuppens-Boulahia

Cuppens

. Deploying security policy in intra and inter workflow management systems. In: 2009 international conference on availability, reliability and security, Fukuoka, Japan, 16–19 March 2009, pp. 58–65. IEEE.

26.

Chi

Jones

Zhao

. Implementation of a security access control model for inter-organizational healthcare information systems. In: 2008 IEEE Asia-Pacific services computing conference, Yilan, 09–12 December 2008, pp. 692–696.

27.

Cohen

Crampton

Gagarin

, et al. Iterative plan construction for the workflow satisfiability problem. J Artif Intell Res 2014; 51(1): 555–577.

28.

Crampton

Gutin

Yeo

. On the parameterized complexity and Kernelization of the workflow satisfiability problem. ACM Trans Inf Syst Secur 2013; 16(1): 4.

29.

Gutin

. The workflow satisfiability problem with user-independent constraints. In: 2019 first international conference on Graph Computing (GC), Laguna Hills, CA, 25–27 September 2019, pp. 1–4. IEEE.

30.

Gutin

Kratsch

Wahlström

. Polynomial kernels and user reductions for the workflow satisfiability problem. Algorithmica 2016; 75(2): 383–402.

31.

Zavatteri

Viganò

. Last man standing: static, decremental and dynamic resiliency via controller synthesis. J Comput Secur 2019; 27(3): 343–373.

32.

Wang

Muddada

Wang

, et al. Toward a resilient holistic supply chain network system: concept, review and future direction. IEEE Syst J 2016; 10(2): 410–421.

33.

Wang

Dou

Muddada

, et al. Management of a holistic supply chain network for proactive resilience: theory and case study. Comput Ind Eng 2018; 125: 668–677.

34.

Zhang

Lin

. On the principle of design of resilient systems–application to enterprise information systems. Enterprise Inf Syst 2010; 4(2): 99–110.

35.

Mace

Morisset

van Moorsel

. Modelling user availability in workflow resiliency analysis. In: Proceedings of the 2015 symposium and bootcamp on the science of security (HotSoS’15), New York, NY, 21–22 April 2015, p. 7.

36.

Wong

Jacobson

Massengill

, et al. Safe interorganizational health information exchange during the COVID-19 pandemic. J Am Med Dir Assoc 2020; 21(12): 1808–1810.

37.

Director-general’s opening remarks at the media briefing on COVID-19. https://www.who.int/director-general/speeches/detail/who-director-general-s-opening-remarks-at-the-media-briefing-on-covid-19-11-march-2020, (accessed 11 March 2020).

38.

Ågerfalk

Conboy

Myers

. Information systems in the age of pandemics: COVID-19 and beyond. Eur J Inf Syst 2020; 29(3): 203–207.

39.

Seetharaman

. Business models shifts: impact of covid-19. Int J Inf Manag 2020; 54: 102173.

40.

Dwivedi

Hughes

Coombs

, et al. Impact of COVID-19 pandemic on information management research and practice: transforming education, work and life. Int J Inf Manag 2020; 55: 102211.

41.

Begun

Jiang

. Health care management during Covid-19: insights from complexity science. NEJM Catalyst Innovations in Care Delivery. 2020; 1(5).

42.

Kahani

Elgazzar

Cordy

. Authentication and access control in e-health systems in the cloud. In: 2016 IEEE 2nd international conference on big data security on cloud (BigDataSecurity), IEEE international conference on high performance and smart computing (HPSC), and IEEE international conference on intelligent data and security (IDS), New York, NY, 09–10 April 2016, pp. 13–23.

43.

Ponemon

Institute.

Cost of a Data Breach Report 2022. Sponsored and published by IBM Security. Armonk, NY: IBM Corporation, July 2022.

44.

Wong

ELY

Yeoh

Dong

. Covid-19: transforming healthcare will require collaboration and innovative policies. BMJ 2020; 369: m2229.

45.

Singh

Chatterjee

. Security and privacy issues of electronic healthcare system: a survey. J Inf Optim Sci 2019; 40(8): 1709–1729.

46.

Santos Ranise . A survey on workflow satisfiability, resiliency, and related problems. CoRR. 2017. ArXiv:1706.07205 [cs].

47.

Karapetyan

Parkes

Gutin

, et al. Pattern-based approach to the workflow satisfiability problem with user-independent constraints. J Artif Intell Res 2019; 66: 85–122.

48.

Gutin

Wahlström

. Tight lower bounds for the workflow satisfiability problem based on the strong exponential time hypothesis. Inf Process Lett 2016; 116(3): 223–226.

49.

Mace

Morisset

van Moorsel

. Quantitative workflow resiliency. Cham: Computer Security - ESORICS, 2014, pp. 344–361.

50.

Mace

Morisset

van Moorsel

. Resiliency variance in workflows with choice. Cham: Software Engineering for Resilient Systems, 2015, pp. 128–143.

51.

Crampton

Gutin

Karapetyan

, et al. The bi-objective workflow satisfiability problem and workflow resiliency. J Comput Secur 2017; 25(1): 83–115.

52.

Sadki

El Bakkali

. Resolving conflicting privacy policies in m-health based on prioritization. Scalable Comput Pract Exp 2016; 17(3): 207–226.

53.

Chu

Tso

Zhang

, et al. Partnership synthesis for virtual enterprises. Int J Adv Des Manuf Technol 2002; 19: 384–391. DOI: 10.1007/s001700200028.

54.

Pego-Guerra

Zhang

. Robust Management of Virtual Enterprises. Proceedings of the ASME 2010 International Design Engineering Technical Conferences and Computers and Information in Engineering Conference. Volume 6: 15th Design for Manufacturing and the Lifecycle Conference; 7th Symposium on International Design and Design Education. Montreal, Quebec, Canada. August 15–18, 2010. pp. 299-306. ASME.

55.

Davidson-Pilon

. Bayesian methods for hackers: probabilistic programming and Bayesian inference. Boston, MA: Addison-Wesley Professional, 2015.

56.

Martin

Kumar

Lao

. Bayesian modeling and computation in Python. Boca Raton, FL: Chapman and Hall/CRC, 2022.