An authorization model for workflows

  • Vijayalakshmi Atluri
  • Wei-Kuang Huang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1146)


Workflows represent processes in manufacturing and office environments that typically consist of several well-defined activities (known as tasks). To ensure that these tasks are executed by authorized users or processes (subjects), proper authorization mechanisms must be in place. Moreover, to make sure that authorized subjects gain access to the required objects only during the execution of the specific task, the granting and revoking of privileges need to be synchronized with the progression of the workflow. A predefined specification of the privileges often allows access for longer than the time required; thus, even though a subject has completed the task or has not yet begun it, the subject may still possess privileges to access the objects, which compromises security.

In this paper, we propose a Workflow Authorization Model (WAM) that is capable of specifying authorizations in such a way that subjects gain access to required objects only during the execution of the task, thus synchronizing the authorization flow with the workflow. To achieve this synchronization, we associate an Authorization Template (AT) with each task, which allows appropriate authorizations to be granted only when the task starts and to revoke them when the task finishes. In this paper, we also present a model of implementation based on Petri nets and show how this synchronization can be implemented. Because the theoretical aspects of Petri nets have been extensively studied and due to their strong mathematical foundation, a Petri net representation of an authorization model serves as a good tool for conducting safety analysis since the safety problem in the authorization model is equivalent to the reachability problem in Petri nets.
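The synchronization and the reachability-based safety check described above can be sketched as follows. This is an added example, not code or notation from the paper: the two-task workflow, the place and transition names, and the restriction to at most one token per place are assumptions made for illustration.

```python
from collections import deque

def net(synchronized):
    """Return {transition: (consumed_places, produced_places)}.

    Constructed two-task workflow (task 1 then task 2); all names are
    illustrative assumptions, not taken from the paper.
    """
    if synchronized:  # authorization granted on task start, revoked on finish
        return {
            "start1": ({"ready1"}, {"run1", "auth1"}),
            "finish1": ({"run1", "auth1"}, {"ready2"}),
            "start2": ({"ready2"}, {"run2", "auth2"}),
            "finish2": ({"run2", "auth2"}, {"done"}),
        }
    # Predefined privileges: auth tokens are never produced or consumed,
    # so whatever is granted initially stays for the whole workflow.
    return {
        "start1": ({"ready1"}, {"run1"}),
        "finish1": ({"run1"}, {"ready2"}),
        "start2": ({"ready2"}, {"run2"}),
        "finish2": ({"run2"}, {"done"}),
    }

def reachable(transitions, initial):
    """Breadth-first enumeration of every marking reachable from `initial`."""
    seen, queue = {initial}, deque([initial])
    while queue:
        marking = queue.popleft()
        for consumed, produced in transitions.values():
            if consumed <= marking:  # transition is enabled
                nxt = frozenset((marking - consumed) | produced)
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return seen

def unsafe_markings(markings):
    """Markings in which an authorization is held outside its task."""
    return [m for m in markings
            if ("auth1" in m and "run1" not in m)
            or ("auth2" in m and "run2" not in m)]

def check(synchronized):
    """Safety analysis: list reachable markings that violate the policy."""
    initial = frozenset({"ready1"} if synchronized
                        else {"ready1", "auth1", "auth2"})
    return unsafe_markings(reachable(net(synchronized), initial))
```

With synchronized grants no unsafe marking is reachable; with predefined privileges every reachable marking leaves at least one authorization held outside its task.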

Key Words

Security, Authorization, Workflow, Petri nets



Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Vijayalakshmi Atluri (1, 2)
  • Wei-Kuang Huang (1, 2)

  1. Center for Information Management, Integration, and Connectivity (CIMIC), Rutgers University, Newark
  2. MS/CIS Department, Rutgers University, Newark
