Using colored Petri nets to model and analyze workflow with separation of duty constraints
Workflow provides a promising solution for organizations to achieve their business goals through interactions and collaborations between users. Separation of duty (SoD) is a security principle to prevent fraud and errors in collaborative workflow environments. It is crucial to verify and ensure the correctness and consistency of a workflow with SoD constraints at design time. In this paper, we propose a method to model and analyze workflow with SoD constraints based on colored Petri nets (CPN). The control flow, authorization rules and SoD constraints in a workflow are all represented by CPN and combined into one integrated CPN model. The execution paths of this model can then be derived by reachability tree analysis. By analyzing these execution paths, latent deadlocks caused by inconsistency between the authorization rules and the SoD constraints can be detected.
Keywords: Workflow, Separation of duty, Colored Petri nets, Authorization
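The kind of latent deadlock the abstract describes can be shown with a small state-space search. This is an added example, not the paper's CPN model: it replaces the colored Petri net with a plain reachability exploration over (task, user) steps, and the workflow, users and constraints are constructed for illustration.

```python
from collections import deque

def analyze(preds, auth, sod):
    """Explore every reachable state of a workflow.

    preds: task -> set of tasks that must finish first (control flow)
    auth:  task -> set of users allowed to execute it (authorization rules)
    sod:   set of frozenset({t1, t2}); t1 and t2 need different users
    Returns (complete, deadlocks): execution paths as tuples of (task, user).
    """
    complete, deadlocks = [], []
    queue = deque([()])                      # root of the reachability tree
    while queue:
        path = queue.popleft()
        done = dict(path)                    # task -> user who executed it
        if len(done) == len(preds):
            complete.append(path)            # every task has been executed
            continue
        enabled = [t for t in preds
                   if t not in done and preds[t] <= set(done)]
        successors = []
        for task in enabled:
            for user in sorted(auth[task]):
                # SoD: the user must not have executed a conflicting task
                clash = any(frozenset({task, t}) in sod and u == user
                            for t, u in done.items())
                if not clash:
                    successors.append(path + ((task, user),))
        if successors:
            queue.extend(successors)
        else:
            deadlocks.append(path)           # unfinished, nothing can fire
    return complete, deadlocks

# Constructed sample: a three-step payment workflow.
PREDS = {"prepare": set(), "approve": {"prepare"}, "pay": {"approve"}}
AUTH = {"prepare": {"alice", "bob"}, "approve": {"bob"},
        "pay": {"alice", "bob"}}
SOD = {frozenset({"prepare", "approve"}), frozenset({"approve", "pay"})}

if __name__ == "__main__":
    ok, stuck = analyze(PREDS, AUTH, SOD)
    print("complete paths:", ok)
    print("deadlocked paths:", stuck)
```

Each rule looks satisfiable on its own, yet the path on which bob prepares the payment can never be approved; widening the `approve` authorization removes the deadlock.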