雲端運算 (Cloud computing) 技術在學術界跟工業界已經被廣泛地研究及利用，越來越多企業跟使用者將他們的資料以及應用程式搬移至雲端環境上。雲端運算提供一個新的運算模式，其擁有彈性調整計算規模、由異質資源整合而成之無容量限制的資源池 (resource pool) 以及依照需求 (on-demand) 供給計算資源等機制。這些新的概念為工作流程管理系統 (Workflow Management System, WfMS) 的實作上帶來許多新的挑戰。若要在雲端環境建立一個具可擴展性且可支援跨企業運作的工作流程管理系統，則需要將現有的程序管理 (process management) 概念作更多的延伸以及使其適應雲端的環境。
本論文將會提出一個具有可擴展性且可在多租戶環境上運作的跨企業工作流程系統。特別的是，工作流程程序 (workflow process) 的制定可以透過雲端協作(cloud collaboration)的機制來完成。我們不會將傳統需要透過引擎 (engine-based) 控制的工作流程系統架構直接佈署到雲端上，而是讓工作流程程序實例 (workflow process instance) 擁有自我保護的能力，如此一來，也不需要另外使用存取控制 (access-control) 的機制去保護敏感資料免受惡意竊取。因此，工作流程實例的探索以及流程活動 (activity) 的執行就可以各自獨立並且分散執行。
另外在本論文所提出的系統中，我們採用 BigTable 來儲存所有的工作流程程序實例以及控制工作流程程序的執行，讓系統得以成為可容納巨量資料的工作流程系統。我們也使用元素式加密法 (element-wise encryption) 和鏈狀數位簽章 (chained digital signature) 等技術讓工作流程可以擁有身分驗證機制、資料保密性、資料完整性以及不可否認性等安全性需求。
而且工作流程程序實例可以備份及遷移至其他相容的平台而不必依靠雲端服務提供者的支援。因此，本論文所提出的系統也可以適用在不受信任的雲端伺服器上。系統的相關實作細節以及實驗數據則可以展示此系統架構的可行性。

Cloud computing is gaining tremendous momentum in both academia and industry, with more and more people and enterprises migrating their data and applications into the cloud. Cloud computing provides a new computing model with elastic scaling, a resource pool of unprecedented size, and the on-demand resource provisioning mechanism, which bring numerous challenges in implementing workflow management systems (WfMSs) in the cloud. Establishing scalable and cross-enterprise WfMSs in the cloud requires the adaptation and extension of existing concepts for process management.
This thesis proposes a scalable and cross-enterprise WfMS which can be applied in a multitenancy cloud environment. Especially, it can activate enactment of workflow processes by cloud collaboration. We do not employ the traditional engine-based WfMSs. The key idea is to have the workflow process instance to be self-protected and does not need an access-control server to secure the data therein. Thus, the process instance discovery and activity execution can be fully independently and distributed.
As a result, we can employ the data storage system, BigTable, to store the process instances, which may form a big data, and control the execution of workflow processes. The applying of element-wise encryption and chained digital signature makes it satisfy major security requirements of authentication, confidentiality, data integrity, and nonrepudiation.
Also, the process instance migration and replication can be fulfilled without the supporting of the cloud provider. Therefore, the proposed system can also be applied to cloud with untrusted server. The implementation and experimental results demonstrate the feasibility of the proposed framework.

1. D. Georgakopoulos, M. Hornick, and A. Shet, “Overview of Workflow Management: From Process Modeling to Workflow Automation Infrastructure,” Distributed and Parallel Databases, Vol. 3, No. 2, 1995, Pages 119–153.

2. Shi Meilin, Yang Guangxin, Xiang Yong, and Wu Shangguang, ”Workflow Management Systems: A Survey,” International Conference on Communication Technology, 1998.

3. “Workflow Management Coalition. Workflow: An Introduction,” Workflow Handbook, 2002.

4. “Workflow Software via Cloud Computing Service – RunMyProcess,” http://www.runmyprocess.com/.

5. “Visual Workflow: experience the speed of visual app development,” http://www.salesforce.com/platform/cloud-platform/workflow.jsp.

6. “Aneka: Enabling .NET-based Enterprise Grid and Cloud Computing, ”http://www.manjrasoft.com/products.html.

7. “Azure Services Platform,” http://en.wikipedia.org/wiki/Microsoft_Azure#Azure_Platform_Components.

8. “Implementing Workflows on Google App Engine with Fantasm,” http://code.google.com/intl/zh-TW/appengine/articles/fantasm.html.

9. S. Ceri, P. Grefen, and G. Sánchez, “WIDE − A Distributed Architecture for Workflow Management,” The 7th Int. Workshop on Research Issues in Data Engineering, Birmingham, 1997.

10. P. Muth, D. Wodtke, J. Weißenfels, A. Kotz-Dittrich, and G. Weikum, “From Centralized Workflow Specification to Distributed Workflow Execution,” Journal of Intelligent Information Systems, 10(2):159-184, 1998.
11. H. Schuster, J. Neeb, and R. Schamburger, “A Configuration Management Approach for Large Workflow Management Systems,” Joint Conf. on Work Activities Coordination and Collaboration, San Francisco, 1999.

12. T. Bauer and P. Dadam, “Efficient Distributed Workflow Management Based on Variable Server Assignments,” B. Wangler, L. Bergman (Eds.): CAiSE 2000, LNCS 1789, pp. 94-109, 2000.

13. Li-jie Jin, Fabio Casati, Mehmet Sayal, and Ming-Chien Shan, “Load balancing in distributed workflow management system,” Proceedings of the 2001 ACM symposium on Applied computing (SAC '01).

14. George Coulouris, Jean Dollimore, Tim Kindberg. “Distributed Systems: Concepts and Design (3rd Edition),” Addison-Wesley, 2000.

15. Bojanova, Irena; Zhang, Jia; Zhang, Liang-Jie, “Enforcing Multitenancy for Cloud Computing Environments,” IT Professional, Volume 14, Issue 1, 2012.

16. Milinda Pathirage, Srinath Perera, Indika Kumara , and Sanjiva Weerawarana, “A Multi-tenant Architecture for Business Process Executions,” Proceedings of the 2011 IEEE International Conference on Web Services, pp. 121-128.

17. Chun-Feng Liao, Kung Chen, and Jiu-Jye Chen, “Toward a Tenant-aware Query Rewriting Engine for Universal Table Schema-Mapping,” IEEE International Conference on Cloud Computing Technology and Science (IEEE CloudCom 2012), presented in 2012 International Workshop on SaaS (Software-as-a-Service) Architecture and Engineering, Taipei, Taiwan, 2012.

18. C. D. Weissman and S. Bobrowski, ”The design of the Froce.com multitenant internet application development platform,” in Proc. ACM SIGMOD International Conference on Management of Data, 2009.

19. “Google docs,” http://docs.google.com.

20. “Google calendar,” http://www.google.com/calendar.

21. Ariel J. Feldman, William P. Zeller, Michael J. Freedman, and Edward W. Felten, “SPORC: Group Collaboration using Untrusted Cloud Resources,” the 9TH USENIX SYMPOSIUM ON OPERATING SYSTEMS SYSTEMS DESIGN AND IMPLEMENTATION, 2010.

22. A. Adya, W. Bolosky, M. Castro, G. Cermak, R. Chaiken, J. Douceur, J. Howell, J. Lorch, M. Theimer, and R. Wattenhofer, “FARSITE: Federated, Available, and Eliable Storage for an Incompletely Trusted Environment,” In OSDI, pages 1–14, December 2002.

23. J. Kubiatowicz, D. Bindel, Y. Chen, S. Czerwinski, P. Eaton, D. Geels, R. Gummadi, S. Rhea, H. Weatherspoon, W. Weimer, C. Wells, and B. Zhao, “Oceanstore: An Architecture for Global-scale Persistent Storage,” In ASPLOS, December 2000.

24. G. Ganger, P. Khosla, M. Bakkaloglu, M. Bigrigg, G. Goodson, S. Oguz, V. Pandurangan, C. Soules, J. Strunk, and J. Wylie, “Survivable storage systems. In DARPA Information Survivability Conference and Exposition,” IEEE, volume 2, pages 184–195, June 2001.

25. P. Druschel and A. Rowstron, “Storage management and caching in PAST, a large-scale, persistent peerto-peer storage utility,” In SOSP, 2001.

26. Eu-Jin Goh, Hovav Shacham, Nagendra Modadugu, and Dan Boneh, “Sirius: securing remote unstrusted storage,” In NDSS (2003).

27. M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus: Scalable Secure File Sharing on Untrusted Storage,” In USENIX FAST (2003).

28. Raluca Ada Popa, Jacob R. Lorch, David Molnar, Helen J. Wang, and Li Zhuang, “Enabling Security in Cloud Storage SLAs with CloudProof,” in USENIX Annual Technical Conference, June 2011.

29. Adam Jacobs, “The Pathologies of Big Data,” ACMQueue (http://queue.acm.org/detail.cfm?id=1563874), July 6th, 2009.

30. Gwan-Hwan Hwang and Yu-Cheng Hsiao, “A Security Framework for Decentralized Workflow Management Systems,” Technical Report, National Taiwan Normal University, 2011, http://www.csie.ntnu.edu.tw/~ghhwang/TR/DRA4WfMS_Technical_Report_2011_12_01.pdf.

31. Gwan-Hwan Hwang and Tao-Ku Chang, “An Operational Model and Language Support for Securing XML Documents,” Computers & Security,Volume 23, Issue 6, pp. 498-529, 2004.

32. Gwan-Hwan Hwang and Tao-Ku Chang, “Towards Attribute Encryption and a Generalized Encryption Model for XML,” The 4th International Conference on Internet Computing 2003 (IC'03), Las Vegas, Nevada, USA.

33. OMG, “Business Process Modeling Notation (BPMN) 1.2,” 2009.

34. WFMC, ”Workflow Management Coalition Workflow Standard: Workflow Process Definition Interface – XML Process Definition Language (XPDL) (WFMC-TC-1025),” Technical report, Workflow Management Coalition, Lighthouse Point, Florida, USA, 2002.

35. V. Atluri, S. Chun, and P. Mazzoleni, ”Chinese Wall Security for Decentralized Workflow Management Systems,” Journal of Computer Security, Volume 12, Number 6, 2004.

36. Fay Chang, Jeffrey Dean, Sanjay Ghemawat, Wilson C. Hsieh, Deborah A. Wallach, Mike Burrows, Tushar Chandra, Andrew Fikes, and Robert E. Gruber, "Bigtable: A Distributed Storage System for Structured Data," OSDI'06: Seventh Symposium on Operating System Design and Implementation, Seattle, WA, November, 2006.

37. Tom White, “Hadoop: The Definitive Guide,” O'Reilly Media., ISBN 978-1-4493-3877-0, May 10th, 2012.

38. AMAZON, “Amazon S3 Service Level Agreement,” http://aws.amazon.com/s3-sla/.

39. MICROSOFT CORPORATION. “Windows Azure Pricing and Service Agreement,” http://www.microsoft.com/windowsazure/pricng/.

40. Aleš Frece, Gregor Srdić, and Matjaž B. Jurič, “BPM and iBPMS in the Cloud,” Proceedings of the 1st International Conference on CLoud Assisted ServiceS Bled, 25 October 2012.

41. Apache Software Foundation, “Apache ODE,” http://ode.apache.org/.

42. A. Azeez and S. Perera et al., “Multi-Tenant SOA Middle- ware for Cloud Computing,” 3rd IEEE Conference on Cloud Computing, 2010.

43. Tobias Anstett, Frank Leymann, Ralph Mietzner, and Steve Strauch, “Towards BPEL in the Cloud: Exploiting Different Delivery Models for the Execution of Business Processes,” 2009 World Conference on Services – I, pp. 670-677.

44. Han YB, Sun JY, and Wang GL, “A Cloud-based BPM Architecture with User-end Distribution of Non-compute-intensive Activities and Sensitive Data,” JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY 25(6): 1157–1167 Nov. 2010.

45. Vinod Muthusamy and Hans-Arno Jacobsen, “BPM in Cloud Architectures: Business Process Management with SLAs and Events,” Business Process Management 2010, Hoboken, NJ, USA, pp. 5-10.

46. Yongqing Zheng, Jinshan Pang, Jian Li, and Li-zhen Cui, “Business Process Oriented Platform-as-a-Service Framework for Process Instances Intensive Applications,” IPDPS Workshops 2012, pp. 2320-2327.

47. Lei Mao, Yongguo Yang, and Hui Xu, “Design and Optimization of Cloud-Oriented Workflow System,” Journal of Software, Volume, 8(1): 251-258 (2013).

48. Fernando Antônio, Aires Lins, Robson W. A. Medeiros, Bruno L. B. Silva, Andre R. R. Souza, David Aragão, Julio C. Damasceno, Paulo Romero Martins Maciel, Nelson Souto Rosa, Bryan Stephenson, and J. Li, “SSC4Cloud Tooling: An Integrated Environment for the Development of Business Processes with Security Requirements in the Cloud,” SERVICES 2011,pp. 53-60.

49. X. Liu, D. Yuan, G. Zhang, J. Chen, and Y. Yang, “SwinDeW-C: a peer-to-peer based cloud workflow system for managing instance intensive applications,” in: Handbook of Cloud Computing, Springer, 2010, pp. 309–332.

50. Huang Hua, Zhang Yi-Lai, and Zhang Min, “A Survey of Cloud Workflow,” Proceedings of the 2nd International Conference On Systems Engineering and Modeling (ICSEM-13), 2013.