Using colored Petri nets to model and analyze workflow with separation of duty constraints


DOI: 10.1007/s00170-007-1316-1

Cite this article as:
Lu, Y., Zhang, L. & Sun, J. Int J Adv Manuf Technol (2009) 40: 179. doi:10.1007/s00170-007-1316-1


Workflow provides a promising solution for organizations to achieve their business goals by interactions and collaborations between users. Separation of duty (SoD) is a security principle to prevent fraud and errors in collaborative workflow environments. It is crucial to verify and ensure the correctness and consistence of workflow with SoD constraints during the design time. In this paper, we propose a method to model and analyze workflow with SoD constraints based on colored Petri nets (CPN). The control flow, authorization rules and SoD constraints in a workflow are all represented by CPN and combined into one integrated CPN model. Then the execution paths of this model can be derived by reachability tree analysis. By analyzing these execution paths, some latent deadlocks caused by the inconsistency between authorization rules and SoD constraints can be detected.


Workflow Separation of duty Colored Petri nets Authorization 

Copyright information

© Springer-Verlag London Limited 2007

Authors and Affiliations

  1. 1.Key Laboratory for Information System Security, Ministry of Education China, School of SoftwareTsinghua UniversityBeijingPeople’s Republic of China
  2. 2.Department of Computer Science and TechnologyTsinghua UniversityBeijingPeople’s Republic of China

Personalised recommendations