Advanced protection of workflow sessions with SEWebSession

Abstract

This paper presents Secure Enhanced Web Session providing an advanced protection of the Web sessions required in the Workflow environments. SEWebSession provides mandatory access control to the session state since the proposed policy is outside the scope of the Workflow developers and participants. Our MAC approach authorises various confidentiality and integrity properties for the session state. SEWebSession controls a session state whether it is maintained in the memory of the Web server, a dedicated server or a SQL Database. The protection rules can be reused from one platform to another one. SEWebSession has been successfully integrated within an industrial Workflow environment running on Windows platforms. The experimentations show the efficiency of SEWebSession for protecting Microsoft Windows/IIS platforms. However, SEWebSession can be easily ported within Linux/ Apache platforms. © 2013 Springer-Verlag Berlin Heidelberg.