MD_WFN：一种基于Petri网的工作流模型研究*

一个完整的工作流通常包含需要执行的任务集、各任务之间的依赖关系以及支持各任务执行的相应资源类型和执行任务所需的时间等,然而目前大多数的工作流建模方法往往只注重模型的某些方面,缺乏对工作流各要素的统一建模能力。通过对传统Petri网的改进,提出了一种包括任务、控制、资源、时间等多要素的多维工作流模型（multidimensional workflow net,MD_WFN）,实现了任务流、控制流、资源流在同一工作流模型中的统一。对基于MD_WFN模型的工作流模式和工作流建模过程进行研究,为使用MD_WFN     

一种基于实例状态的工作流系统监控方法

工作流监控是处理工作流运行期各种例外、保证工作流实例正确高效执行的有效方法．基于状态的工作流监控方法不仅可以实时处理实例执行过程中出现的各种例外、消除实例运行的阻塞,并能对任务执行进行必要的干预．但这类监控也经常造成工作流模型及实例的不一致,如不加以调整,会导致后续任务无法执行．在对ADEPT模型及过程实例进行形式化定义基础上,给出用于验证过程模型正确性和过程实例一致性的判定规则;提出一个基于状态的实时监控方法,该方法由一组状态转换原语和过程实例转换算法组成．采用该监控方法并结合上述判定规则,在完成各种监控任务的同时,保证了模型的正确性和过程实例的一致性．最后讨论了原语操作的完备性和一致性．     

DAG分割模型下的云工作流调度策略

为了优化云工作流调度的经济代价和执行效率,提出一种基于有向无循环图（DAG）分割的工作流调度算法PBWS。以工作流调度效率与代价同步优化为目标,算法将调度求解过程划分为三个阶段进行：工作流DAG结构分割、分割结构调整及资源分配。工作流DAG结构分割阶段在确保任务间执行顺序依赖的同时求解初始的任务分割图;分割结构调整阶段以降低执行跨度为目标,在不同分割间对任务进行重分配;资源分配阶段旨在选择代价最高效的任务与资源映射关系,确保资源的总空闲时间最小。利用五种科学工作流DAG模型对算法进行了仿真实验。结果表明。PBWS算法仅以较小的执行跨度为开销,极大降低了工作流执行代价,实现了调度效率与调度代价的同步优化,其综合性能是优于同类型算法的。     

ETL工作流活动优先级的确定及并行实现*

ETL流程是一个以数据为中心的工作流,对ETL工作流的执行过程进行论述,提出了一个算法,计算ETL工作流中各个活动的执行优先级,在工作流执行中为优先级相同且相互之间没有依赖关系的活动集创建多个线程,通过并行执行这些活动,提高了ETL工作流的执行效率。实验结果表明,所提出的并行算法与串行算法比较,在数据量足够大的情况下,加速比可接近理想值,加速比随着数据量增大而提高。     

基于RBAC和ECA规则构建的工作流系统

针对工作流建模的复杂性和模型的安全存取控制问题,提出一种通过建立任务节点和路由节点及其依赖关系来创建工作流模型的方法。在任务节点中引入RBAC机制对角色属性进行约束以实现对工作流的安全存取控制。在路由节点中引入ECA规则,灵活地控制了工作流的流程。最后给出利用该方法建立的工作流系统体系结构的描述。     

适用于实例密集型云工作流的调度算法

工作流调度算法仅适用于单个复杂工作流实例,而不适用于实例密集型云工作流实例,为此,提出了基于实例密集型的云工作流调度算法(MCUD)。MCUD算法先对待处理的一组工作流实例进行分类,再对分类后的同类工作流实例采用一种新的分配方法将用户指定的总最后期限分配到各任务;同时,在调度的过程中动态地调整后续任务的子最后期限。MCUD算法对同类工作流实例中的任务分配不同子最后期限,减小了资源竞争,提高了资源的利用率。仿真实验表明,MCUD相比于其他算法,在满足总的最后期限的前提下更进一步地降低了执行成本和执行时间。     

基于工作流技术的信访业务协同处理系统

本文提出了一个基于工作流技术的协同处理模型。用户可以定制工作流,并将基于角色和任务的访问控制运用于模型中,实现安全访问控制的工作流建模。利用该模型,研发了信访业务协同处理系统,介绍了系统的动态工作流管理技术、基于角色和任务的工作流访问控制与协调处理方法。     

企业动态联盟中柔性工作流的研究与实现

柔性问题是工作流管理系统在应用中面临的一个重要问题，目前已成为工作流技术领域的研究热点之一，在本文中，我们在对工作流的基本概念进行介绍之后从几个方面讨论柔性在工作流管理中的必要性，随后对柔性作出大体的分类与讨论，DyFxWF是一个基于面向对象技术开发的工作流管理系统的原型系统，客户可以在工作流的执行过程中根据具体情况修改执行路径，调整任务及其它参数，实现了动态的柔性。     

基于Web的工作流安全性研究

基于Web的工作流管理系统的安全问题主要涉及到两方面:授权(及访问控制)和安全通讯。工作流管理系统需要一个动态的授权机制,即在工作流的执行过程中动态地分配和撤销相应的权限。文中提出一个动态授权模型,即利用5个授权函数、授权数据库(AB)以及任务执行过程中产生的一些事件来实现动态授权机制。此外还简要介绍了基于Web的工作流中涉及到的安全通讯问题及其解决方法。利用这个模型,可以大大地增强工作流管理系统的安全性能。     

一种基于任务依赖信息的工作流事务模型

H·Garcia-Molina等人提出了用于解决长事务问题的Sagas模型,但Sagas模型的事务补偿过程会撤销整个长事务,另外模型要求长事务的每个子事务都必须具有补偿子事务,这两个缺陷大大影响了Sagas模型的执行效率和适用性。本文通过利用任务间的依赖关系以及对事务进行分类的方法,在Sagas的基础上实现了一个部分补偿的工作流事务模型,对于不同类型的事务执行不同的补偿策略,同时即使撤销子事务也仅撤销该子事务所对应的依赖事务,而不是撤销整个事务流程。     

A task graph execution manager for reconfigurable multi-tasking systems

Reconfigurable hardware can be used to build multi-tasking systems that dynamically adapt themselves to the requirements of the running applications. This is especially useful in embedded systems, since the available resources are very limited and the reconfigurable hardware can be reused for different applications. In these systems computations are frequently represented as task graphs that are executed taking into account their internal dependencies and the task schedule. The management of the task graph execution is critical for the system performance. In this regard, we have developed two different versions, a software module and a hardware architecture, of a generic task graph execution manager for reconfigurable multi-tasking systems. The second version reduces the run-time management overheads by almost two orders of magnitude. Hence it is especially suitable for systems with exigent timing constraints. Both versions include specific support to optimize the reconfiguration process.     

Workflow-Based Authorization Service in the Grid

In a distributed environment, a specific right may be required while a task is controlled and processed. A user should delegate enough rights to a task for processing. Tasks cannot work correctly if delegated rights are insufficient, or security threats may occur if delegated rights are excessive. Restricted delegation is the step that delegates proper rights to a task, and that enables fine-grained authorization in the Grid. In this paper, we propose the WAS architecture as a method for supporting restricted delegation and rights management. In contrast to traditional architecture, the WAS architecture uses a workflow that describes the sequence of rights required for normal execution of a task. By using the workflow, the WAS architecture is able to check whether the task exercises allowed rights. The WAS architecture is implemented on Globus toolkit 2.0 and extended on Globus toolkit 3.0.     

Adaptive Task Pools: Efficiently Balancing Large Number of Tasks on Shared-address Spaces

Task based approaches with dynamic load balancing are well suited to exploit parallelism in irregular applications. For such applications, the execution time of tasks can often not be predicted due to input dependencies. Therefore, a static task assignment to execution resources usually does not lead to the best performance. Moreover, a dynamic load balancing is also beneficial for heterogeneous execution environments. In this article a new adaptive data structure is proposed for storing and balancing a large number of tasks, allowing an efficient and flexible task management. Dynamically adjusted blocks of tasks can be moved between execution resources, enabling an efficient load balancing with low overhead, which is independent of the actual number of tasks stored. We have integrated the new approach into a runtime system for the execution of task-based applications for shared address spaces. Runtime experiments with several irregular applications with different execution schemes show that the new adaptive runtime system leads to good performance also in such situations where other approaches fail to achieve comparable results.     

ViennaX: a parallel plugin execution framework for scientific computing

We present the free open source plugin execution framework ViennaX for modularizing and parallelizing scientific simulations. In general, functionality is abstracted by the notion of a task, which is implemented as a plugin. The plugin system facilitates the utilization of both, already available functionality as well as new implementations. Each task can define arbitrary data dependencies which are used by ViennaX to build a task graph. The framework supports the execution of this dependence graph based on the message passing interface in either a serial or a parallel fashion. The applied modular approach allows for defining highly flexible simulations, as plugins can be easily exchanged. The framework’s general design as well as implementation details are discussed. Applications based on the Mandelbrot set and the solution of a partial differential equation are investigated, and performance results are shown.     

Resource Management in a Distributed Computer System with Allowance for the Level of Trust to Computational Components

This article considers the ensuring of secure data processing in distributed computer systems (DCSs), which is important for a certain class of computing tasks. An approach to the resource management in DCSs is proposed that makes it possible to take into account, according to user requirements, both the time spent on the execution of a task and the security level of the system resources involved in its execution.     

Integrating constraints to support legally flexible business processes

Flexible collaboration is a notable attribute of Web 2.0, which is often in the form of multiple users participating different activities that together complete a whole business process. In such an environment, business processes may be dynamically customized or adjusted, as well as the participants may be selected or attend uncertainly. So how to ensure the legitimacy of a business process for both security and business is increasingly critical. In this paper, we investigate this problem and introduce a novel method to support legally flexible business processes. The proposed Constraint-based Business Process Management Model incorporates constraints into the standard activities composing a business process, where the security constraints place restrictions on participants performing the activities and business constraints restrict the dependencies between multiple activities. By the assembly operations, business processes can be dynamically generated and adjusted with activities, that are obliged to the specified constraints. Several algorithms are presented to verify the consistency of constraints and the soundness of the generated business processes, as well as to perform the execution planning to guarantee the correct execution of a business process on the precondition of satisfying all constraints. We present an illustrative example and implement a prototype for the proposed model that is an application of property rights exchange for supporting legal business processes.     

Computation of dynamic program slices for unstructured programs

A dynamic program slice is an executable part of the program whose behaviour is identical, for the same program input, to that of the original program with respect to a variable(s) of interest at some execution position. The existing algorithms of dynamic slice computation use data and control dependencies to compute dynamic slices. These algorithms are limited to structured programs because they may compute incorrect dynamic slices for unstructured programs, due to the limitations of control dependencies that are used to compute dynamic slices. In this paper, we present a novel approach to dynamic slice computation for unstructured programs. The approach employs the notion of a removable block in finding dynamic program slices. Dynamic slices are derived by identifying not only those parts of program execution that contribute to the computation of the value of a variable of interest, but also those parts of program execution that do not contribute to the computation of the variable value. Data dependencies are used to identify contributing computations, whereas removable blocks are used to identify noncontributing computations. We have proved that the presented dynamic slicing algorithms correctly compute dynamic slices. In addition, these algorithms may compute more accurate dynamic slices compared to existing algorithms that use control dependencies. The presented algorithms have been implemented in a tool that supports dynamic slicing for Pascal programs     

Comparison of selected algorithms for scheduling workflow applications with dynamically changing service availability

This paper compares the quality and execution times of several algorithms for scheduling service based workflow applications with changeable service availability and parameters. A workflow is defined as an acyclic directed graph with nodes corresponding to tasks and edges to dependencies between tasks. For each task, one out of several available services needs to be chosen and scheduled to minimize the workflow execution time and keep the cost of service within the budget. During the execution ofa workflow, some services may become unavailable, new ones may appear, and costs and execution times may change with a certain probability. Rescheduling is needed to obtain a better schedule. A solution is proposed on how integer linear pro- gramming can be used to solve this problem to obtain optimal solutions for smaller problems or suboptimal solutions for larger ones. It is compared side-by-side with GAIN, divide-and-conquer, and genetic algorithms for various probabilities of service unavailability or change in service parameters. The algorithms are implemented and subsequently tested in a real BeesyCluster environment.     

作业流访问控制策略

作业流是一系列任务，它由一个任务集和一个任务关系集组成，其中，任务关系集说明各任务的执行顺序。该文在给出作业流定义的基础上，提出了一种基于作业流Petri网描述的访问控制机制，并介绍了该机制的实现。     

An analysis on secure coding using symbolic execution engine

Business’ dependency on a software or computer program is getting higher. In such an environment, eliminating security vulnerabilities have become increasingly important and difficult as programs are more complicated and have greater impacts on businesses. We analyzed the security vulnerabilities of code using a symbolic execution engine that tracks data which would kill or might make the program vulnerable. We also present smart fuzzing using the data from the symbolic execution engine, an effective software vulnerability-finding testing that automatically generates inputs that crash or penetrate the program. By using symbolic execution engine, we can produce the automatically-generated data that are strong against vulnerability issues. In the case when program verification tools fail to verify a program, either the program is buggy or the report is a false alarm. In this case, the burden is put on users in manually classifying the report, which is a time-consuming, error-prone task and it does not utilize facts already proven by the analysis. We present a new technique for assisting users in classifying error reports. Our technique computes small, relevant queries presented to a user, which capture exact information that the analysis misses to either discharge or validate the error. In this paper, a methodology proper to detecting the security vulnerability is suggested by engrafting the symbol-based engine into the secure coding. Also, its effect was verified through the security vulnerability inspection test using the suggested symbolic execution engine. A notion of symbolically executing the program has been presented, which is closely related to the normal notion of program execution. It offers the advantage that one symbolic execution may represent a large, usually infinite, class of normal executions. This can be used for great advantages in the program inspecting and debugging.