The International Journal of Advanced Manufacturing Technology

, Volume 40, Issue 1, pp 179–192

Using colored Petri nets to model and analyze workflow with separation of duty constraints

Authors

    • Key Laboratory for Information System Security, Ministry of Education China, School of SoftwareTsinghua University
    • Department of Computer Science and TechnologyTsinghua University
  • Li Zhang
    • Key Laboratory for Information System Security, Ministry of Education China, School of SoftwareTsinghua University
  • Jiaguang Sun
    • Key Laboratory for Information System Security, Ministry of Education China, School of SoftwareTsinghua University
    • Department of Computer Science and TechnologyTsinghua University
ORIGINAL ARTICLE

DOI: 10.1007/s00170-007-1316-1

Cite this article as:
Lu, Y., Zhang, L. & Sun, J. Int J Adv Manuf Technol (2009) 40: 179. doi:10.1007/s00170-007-1316-1

Abstract

Workflow provides a promising solution for organizations to achieve their business goals by interactions and collaborations between users. Separation of duty (SoD) is a security principle to prevent fraud and errors in collaborative workflow environments. It is crucial to verify and ensure the correctness and consistence of workflow with SoD constraints during the design time. In this paper, we propose a method to model and analyze workflow with SoD constraints based on colored Petri nets (CPN). The control flow, authorization rules and SoD constraints in a workflow are all represented by CPN and combined into one integrated CPN model. Then the execution paths of this model can be derived by reachability tree analysis. By analyzing these execution paths, some latent deadlocks caused by the inconsistency between authorization rules and SoD constraints can be detected.

Keywords

WorkflowSeparation of dutyColored Petri netsAuthorization
Download to read the full article text

Copyright information

© Springer-Verlag London Limited 2007