ORIGINAL ARTICLE

The International Journal of Advanced Manufacturing Technology

, Volume 40, Issue 1, pp 179-192

First online:

Using colored Petri nets to model and analyze workflow with separation of duty constraints

  • Yahui LuAffiliated withKey Laboratory for Information System Security, Ministry of Education China, School of Software, Tsinghua UniversityDepartment of Computer Science and Technology, Tsinghua University Email author 
  • , Li ZhangAffiliated withKey Laboratory for Information System Security, Ministry of Education China, School of Software, Tsinghua University
  • , Jiaguang SunAffiliated withKey Laboratory for Information System Security, Ministry of Education China, School of Software, Tsinghua UniversityDepartment of Computer Science and Technology, Tsinghua University

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access

Abstract

Workflow provides a promising solution for organizations to achieve their business goals by interactions and collaborations between users. Separation of duty (SoD) is a security principle to prevent fraud and errors in collaborative workflow environments. It is crucial to verify and ensure the correctness and consistence of workflow with SoD constraints during the design time. In this paper, we propose a method to model and analyze workflow with SoD constraints based on colored Petri nets (CPN). The control flow, authorization rules and SoD constraints in a workflow are all represented by CPN and combined into one integrated CPN model. Then the execution paths of this model can be derived by reachability tree analysis. By analyzing these execution paths, some latent deadlocks caused by the inconsistency between authorization rules and SoD constraints can be detected.

Keywords

Workflow Separation of duty Colored Petri nets Authorization