Analyzing Separation of Duties in Petri Net Workflows

  • Konstantin Knorr
  • Harald Weidner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2052)


With the rise of global networks like the Internet the importance of workflow systems is growing. However, security questions in such environments often only address secure communication. Another important topic that is often ignored is the separation of duties to prevent fraud within an organization. This paper introduces a model for separation of duties in workflows that have been specified with Petri nets. Rules will be given as facts of a logic program and expressed in propositional logic. The program allows for simulating and analyzing workflows and their security rules during build time.


Logical programming Petri net separation of duties workflow 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    van der Aalst, W.M.P.: Verification of Workflow Nets. In: Proc. of Application and Theory of Petri Nets, LNCS 1248, Springer. (1997) 407–426Google Scholar
  2. 2.
    Anonymous: Internal Security, PC Week, 18(2) (May 1985) 89–91Google Scholar
  3. 3.
    Adam, N.R., Atluri, V. and Huang, W.-K.: Modeling and Analysis of Workflows Using Petri Nets. Journal of Intelligent Information Systems (10:2), (March 1998) 131–158CrossRefGoogle Scholar
  4. 4.
    Ahn, G.-J. and Sandhu, R.: The RSL99 Language for Role-based Separation of Duty Constraints. In: Proc. of the Fourth ACM Workshop on Role-Based Access Control, Fairfax, VA, (October 28–29, 1999)Google Scholar
  5. 5.
    Bertino, E., Ferrari, E., and Atluri, V.: The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Trans. on Inf. and Sys. Sec., 2(1):65–104, (Feb. 1999)CrossRefGoogle Scholar
  6. 6.
    Bussler, C.: Policy Resolution in Workflow Management Systems. Dig. Tech. J., 6(4) (1995)Google Scholar
  7. 7.
    Cichocki, A., Helal, A., Rusinkiewicz, M. and Woelk, D.: Workflow and Process Automation–Concepts and Technology, Kluwer Academic (1998)Google Scholar
  8. 8.
    Clark, D. and Wilson, D.: A Comparison of Commercial and Military Computer Security Policies. In: Proc. of the IEEE Sym. on Sec. and Privacy, Oakland, CA, (1987) 184–194Google Scholar
  9. 9.
    CSI (Computer Security Institute): Issues and Trends — 1999 CSI/FBI Computer Crime and Security Survey,
  10. 10.
    Diaz, D.: GNU Prolog (Version 1.1.2) Manual, Edition 1.1 (November 29, 1999)Google Scholar
  11. 11.
    Georgakopoulos, D., Hornick, M. and Sheth, A.: An Overview of Workflow Management, Distributed and Parallel Databases (3) (1995) 119–153Google Scholar
  12. 12.
    Gligor, V., Gavilla, S., and Ferraiolo, D.: On the Formal Definition of Separation-of-Duty Policies and their Composition. In: Proc. of the IEEE Sym. on Sec. and Priv. (1998)Google Scholar
  13. 13.
    Hogger, C.J.: Essentials of Logic Programming, Clarendon Press (1990)Google Scholar
  14. 14.
    Jensen, K.: Coloured Petri Nets — Basic Concepts, Analysis Methods and Practical Use, Volume 1, EATCS Monographs on Theoretical Computer Science, Springer (1992)Google Scholar
  15. 15.
    Kindler, E. and van der Aalst, W.M.P.: Liveness, Fairness, and Recurrence in Petri Nets, Information Processing Letters (70), (1999) 269–274Google Scholar
  16. 16.
    Knorr, K. and Stormer, H.: Modeling and Analyzing Separation of Duties in Workflow Environments, in: Proc. of 16th IFIP/SEC, Paris, France (June 11—13 2001)Google Scholar
  17. 17.
    Knorr, K.: WWW Workflows Based on Petri Nets, in: Proc. of the 9th Intl. Conf. on Information Systems Development, Kristiansand, Norway (2000)Google Scholar
  18. 18.
    Lawrence, L. G.: The Role of Roles, Computers & Security, (12) (1993) 15–21Google Scholar
  19. 19.
    R. O’Keefe: The Craft of Prolog, MIT Press (1990)Google Scholar
  20. 20.
    C.A. Petri: Kommunikation mit Automaten, PhD Thesis, Universität Bonn (1962)Google Scholar
  21. 21.
    Proceedings of 5th ACM Workshop on Role-Based Access Control, Berlin (July 2000)Google Scholar
  22. 22.
    Reisig, W.: Petri Nets — An Introduction, Springer (1985)Google Scholar
  23. 23.
    Sandhu, R.: Separation of Duties in Computerized Information Systems. In: Proc. of the IFIP WG 11.3 Workshop on Database Security, Halifax, UK, Sep. 1990Google Scholar
  24. 24.
    Stormer, H., Knorr, K. and Eloff, J.: A Model for Security in Agent-based Workflows. INFORMATIK / INFORMATIQUE. 6 (Dec. 2000) 24–29Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Konstantin Knorr
    • 1
  • Harald Weidner
    • 1
  1. 1.Department of Information TechnologyUniversity of ZurichZurichGermany

Personalised recommendations