pe-bpmn-editor_restrictions

Differences

This shows you the differences between two versions of the page.

pe-bpmn-editor_restrictions [2018/04/20 04:35]
admin
pe-bpmn-editor_restrictions [2018/05/15 16:53]
admin
Line 5: Line 5:
 PE-BPMN stereotypes define various rules that need to be obeyed when adding the stereotypes to the PE-BPMN stereotypes define various rules that need to be obeyed when adding the stereotypes to the
 model in order for the model to have a reasonable semantics. Some rules are stereotype specific, e.g. the model in order for the model to have a reasonable semantics. Some rules are stereotype specific, e.g. the
-number of inputs and outputs a stereotypes task needs is defined under each stereotype and it can be easily verified when adding the stereotype to the model. Other checks apply to several stereotypes at once and therefore require the general context of the process model to verify important properties. An intermediate model with only some stereotypes may not yet be complete enough to check them while adding the stereotypes. For example, [[pe-bpmn-editor_stereotypes_otsend|OTSend]] and [[pe-bpmn-editor_stereotypes_otreceive|OTReceive]] stereotypes need to be grouped together to have a valid model,+number of inputs and outputs a stereotypes task needs is defined under each stereotype and it can be easily verified when adding the stereotype to the model. Other checks apply to several stereotypes at once and therefore require the general context of the process model to verify important properties. An intermediate model with only some stereotypes may not yet be complete enough to check them while adding the stereotypes. For example, [[pe-bpmn-editor_otsend|OTSend]] and [[pe-bpmn-editor_otreceive|OTReceive]] stereotypes need to be grouped together to have a valid model,
 but when adding the first stereotype then we can not take the group restriction into account yet. Hence, but when adding the first stereotype then we can not take the group restriction into account yet. Hence,
 these checks are not reasonable to do when adding the stereotypes,​ but they are carried out before the these checks are not reasonable to do when adding the stereotypes,​ but they are carried out before the
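Review bot: The changed line still reads "the number of inputs and outputs a stereotypes task needs", which should be "a stereotyped task"; since this revision already rewrites the line for the link rename, fix it here. The new targets pe-bpmn-editor_otsend and pe-bpmn-editor_otreceive drop the "stereotypes_" segment, so confirm both pages exist under the new names, otherwise the OTSend/OTReceive grouping example points at missing pages.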
Line 19: Line 19:
 The stereotypes have specific integrity constraints that should be followed for the privacy model to be The stereotypes have specific integrity constraints that should be followed for the privacy model to be
 syntactically correct. They require inputs and generate outputs that need to be consistent to capture the syntactically correct. They require inputs and generate outputs that need to be consistent to capture the
-meaning of the stereotyped activity. For instance, [[pe-bpmn-editor_stereotypes_pkencrypt|PKEncrypt]] requires an input of data in plaintext and a publicKey and results in a ciphertext, encryptedData . We expect that the public key input to [[pe-bpmn-editor_stereotypes_pkencrypt|PKEncrypt]] is fixed as [[pe-bpmn-editor_stereotypes_pkpublic|PKPublic]] . In addition, for many stereotypes we also need to verify that the input is indeed of the type claimed on the model. e.g. that an input to [[pe-bpmn-editor_stereotypes_pkdecrypt|PKDecrypt]] has indeed come from [[pe-bpmn-editor_stereotypes_pkencrypt|PKEncrypt]] or [[pe-bpmn-editor_stereotypes_pkcomputation|PKComputation]] and is a ciphertext. Under each stereotype it is described ​ the input and output types that the tasks expect and it can be used as a reference to see which sequences of stereotypes are valid on the model. The label data can apply to any data object on the model meaning that there are no restrictions on the inputs and the output is treated as having no protection mechanism. For [[pe-bpmn-editor_stereotypes_pkdecrypt|PKDecrypt]] we also require that the private key (of type [[pe-bpmn-editor_stereotypes_pkprivate|PKPrivate]] ) that is used to decrypt forms a key pair with the public key (of type [[pe-bpmn-editor_stereotypes_pkpublic|PKPublic]] ) that was used to initially encrypt the data. For computations of [[pe-bpmn-editor_stereotypes_pkcomputation|PKComputation]] type we expect that all ciphertext inputs correspond to encryptions using the same public key and the output is then also considered to use the same key.+meaning of the stereotyped activity. For instance, [[pe-bpmn-editor_pkencrypt|PKEncrypt]] requires an input of data in plaintext and a publicKey and results in a ciphertext, encryptedData . We expect that the public key input to [[pe-bpmn-editor_pkencrypt|PKEncrypt]] is fixed as [[pe-bpmn-editor_pkpublic|PKPublic]] . 
In addition, for many stereotypes we also need to verify that the input is indeed of the type claimed on the model. e.g. that an input to [[pe-bpmn-editor_pkdecrypt|PKDecrypt]] has indeed come from [[pe-bpmn-editor_pkencrypt|PKEncrypt]] or [[pe-bpmn-editor_pkcomputation|PKComputation]] and is a ciphertext. Under each stereotype it is described ​ the input and output types that the tasks expect and it can be used as a reference to see which sequences of stereotypes are valid on the model. The label data can apply to any data object on the model meaning that there are no restrictions on the inputs and the output is treated as having no protection mechanism. For [[pe-bpmn-editor_pkdecrypt|PKDecrypt]] we also require that the private key (of type [[pe-bpmn-editor_pkprivate|PKPrivate]] ) that is used to decrypt forms a key pair with the public key (of type [[pe-bpmn-editor_pkpublic|PKPublic]] ) that was used to initially encrypt the data. For computations of [[pe-bpmn-editor_pkcomputation|PKComputation]] type we expect that all ciphertext inputs correspond to encryptions using the same public key and the output is then also considered to use the same key.
  
 In short, it can be said that the protection mechanism (or protection type task) on the model limits the In short, it can be said that the protection mechanism (or protection type task) on the model limits the
 correct processing of the protected data and can define parameters that need to be checked in computation correct processing of the protected data and can define parameters that need to be checked in computation
-or opening phases. There are also conditions that need to hold for the opening stereotypes to make protected data public or for the computation stereotypes to be able to perform the computations and these aro also described under each stereotype.+or opening phases. There are also conditions that need to hold for the opening stereotypes to make protected data public or for the computation stereotypes to be able to perform the computations and these are also described under each stereotype.
  
 ===== Grouped Stereotypes ===== ===== Grouped Stereotypes =====
  
 Stereotypes that belong to groups usually have restrictions to which tasks there need to be in a group. Stereotypes that belong to groups usually have restrictions to which tasks there need to be in a group.
-Groups denote computations that somehow belong together. Mostly, we group stereotypes that correspond to separate tasks of collaborative protocols. For example, [[pe-bpmn-editor_stereotypes_mpc|MPC]] tasks are grouped together.+Groups denote computations that somehow belong together. Mostly, we group stereotypes that correspond to separate tasks of collaborative protocols. For example, [[pe-bpmn-editor_mpc|MPC]] tasks are grouped together.
  
 We use a different grouping semantics for Intel SGX technology where we group all tasks carried out We use a different grouping semantics for Intel SGX technology where we group all tasks carried out
-in a single enclave. For example, tasks with [[pe-bpmn-editor_stereotypes_sgxattestationchallenge|SGXAttestationChallenge]] stereotype must come in pairs +in a single enclave. For example, tasks with [[pe-bpmn-editor_sgxattestationchallenge|SGXAttestationChallenge]] stereotype must come in pairs 
-with a task with [[pe-bpmn-editor_stereotypes_sgxattestationenclave|SGXAttestationEnclave]] stereotype, while this [[pe-bpmn-editor_stereotypes_sgxattestationenclave|SGXAttestationEnclave]] stereotype task +with a task with [[pe-bpmn-editor_sgxattestationenclave|SGXAttestationEnclave]] stereotype, while this [[pe-bpmn-editor_sgxattestationenclave|SGXAttestationEnclave]] stereotype task 
-can also be in a group with multiple [[pe-bpmn-editor_stereotypes_sgxcomputation|SGXComputation]] tasks. We expect the [[pe-bpmn-editor_stereotypes_sgxattestationenclave|SGXAttestationEnclave]] and [[pe-bpmn-editor_stereotypes_sgxcomputation|SGXComputation]] to be carried out by the same enclave if grouped together. For tasks that need to be executed in parallel we also require that they are executed by different stakeholders.+can also be in a group with multiple [[pe-bpmn-editor_sgxcomputation|SGXComputation]] tasks. We expect the [[pe-bpmn-editor_sgxattestationenclave|SGXAttestationEnclave]] and [[pe-bpmn-editor_sgxcomputation|SGXComputation]] to be carried out by the same enclave if grouped together. For tasks that need to be executed in parallel we also require that they are executed by different stakeholders.
  
 A challenge is checking the necessary parallelism of some grouped stereotypes in two cases: A challenge is checking the necessary parallelism of some grouped stereotypes in two cases:
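Review bot: In the paragraph this revision splits off at "In addition, ...", the type-check rule is broken across a full stop ("... the type claimed on the model. e.g. that an input to PKDecrypt ..."), leaving a sentence fragment right where the ciphertext-origin requirement is stated; join it with a comma. In the same paragraph, "Under each stereotype it is described the input and output types" would read better as "Each stereotype's page describes the input and output types that the tasks expect". The labels data, publicKey and encryptedData are also indistinguishable from ordinary words here, so consider marking them as identifiers so that "The label data can apply to any data object" is unambiguous.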
Line 43: Line 43:
 tasks) in models with gateways when we have no start event to begin the check from. tasks) in models with gateways when we have no start event to begin the check from.
  
-Validation results are reported as a list of errors (colored ​red) and warnings (colored ​orange) or as+Validation results are reported as a list of errors (coloured ​red) and warnings (coloured ​orange) or as
 a success message "​Passed validation"​. a success message "​Passed validation"​.
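Review bot: The changed sentence does not say whether a model that produces only warnings still gets "Passed validation"; "a list of errors ... and warnings ... or as a success message" can be read either way. State explicitly whether warnings alone block the success message. The colored to coloured respelling is fine provided it matches the spelling used on the rest of the wiki.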
pe-bpmn-editor_restrictions.txt · Last modified: 2020/03/17 18:21 by pullonen