Abstract
Workflow provides a promising way for organizations to achieve their business goals through interaction and collaboration among users. Separation of duty (SoD) is a security principle intended to prevent fraud and errors in collaborative workflow environments. It is crucial to verify and ensure the correctness and consistency of a workflow with SoD constraints at design time. In this paper, we propose a method to model and analyze workflows with SoD constraints based on colored Petri nets (CPN). The control flow, authorization rules and SoD constraints of a workflow are each represented as a CPN and combined into one integrated CPN model. The execution paths of this model can then be derived by reachability tree analysis. By analyzing these execution paths, latent deadlocks caused by inconsistency between authorization rules and SoD constraints can be detected.
Cite this article
Lu, Y., Zhang, L. & Sun, J. Using colored Petri nets to model and analyze workflow with separation of duty constraints. Int J Adv Manuf Technol 40, 179–192 (2009). https://doi.org/10.1007/s00170-007-1316-1
DOI: https://doi.org/10.1007/s00170-007-1316-1