Skip to main content
SpringerLink
Log in

Analyzing Separation of Duties in Petri Net Workflows

  • Conference paper
  • First Online:
Information Assurance in Computer Networks (MMM-ACNS 2001)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2052))

Abstract

With the rise of global networks like the Internet the importance of workflow systems is growing. However, security questions in such environments often only address secure communication. Another important topic that is often ignored is the separation of duties to prevent fraud within an organization. This paper introduces a model for separation of duties in workflows that have been specified with Petri nets. Rules will be given as facts of a logic program and expressed in propositional logic. The program allows for simulating and analyzing workflows and their security rules during build time.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 64.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 84.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. van der Aalst, W.M.P.: Verification of Workflow Nets. In: Proc. of Application and Theory of Petri Nets, LNCS 1248, Springer. (1997) 407–426

    Google Scholar 

  2. Anonymous: Internal Security, PC Week, 18(2) (May 1985) 89–91

    Google Scholar 

  3. Adam, N.R., Atluri, V. and Huang, W.-K.: Modeling and Analysis of Workflows Using Petri Nets. Journal of Intelligent Information Systems (10:2), (March 1998) 131–158

    Article  Google Scholar 

  4. Ahn, G.-J. and Sandhu, R.: The RSL99 Language for Role-based Separation of Duty Constraints. In: Proc. of the Fourth ACM Workshop on Role-Based Access Control, Fairfax, VA, (October 28–29, 1999)

    Google Scholar 

  5. Bertino, E., Ferrari, E., and Atluri, V.: The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Trans. on Inf. and Sys. Sec., 2(1):65–104, (Feb. 1999)

    Article  Google Scholar 

  6. Bussler, C.: Policy Resolution in Workflow Management Systems. Dig. Tech. J., 6(4) (1995)

    Google Scholar 

  7. Cichocki, A., Helal, A., Rusinkiewicz, M. and Woelk, D.: Workflow and Process Automation–Concepts and Technology, Kluwer Academic (1998)

    Google Scholar 

  8. Clark, D. and Wilson, D.: A Comparison of Commercial and Military Computer Security Policies. In: Proc. of the IEEE Sym. on Sec. and Privacy, Oakland, CA, (1987) 184–194

    Google Scholar 

  9. CSI (Computer Security Institute): Issues and Trends — 1999 CSI/FBI Computer Crime and Security Survey, http://www.gocsi.com/summary.htm

  10. Diaz, D.: GNU Prolog (Version 1.1.2) Manual, Edition 1.1 (November 29, 1999)

    Google Scholar 

  11. Georgakopoulos, D., Hornick, M. and Sheth, A.: An Overview of Workflow Management, Distributed and Parallel Databases (3) (1995) 119–153

    Google Scholar 

  12. Gligor, V., Gavilla, S., and Ferraiolo, D.: On the Formal Definition of Separation-of-Duty Policies and their Composition. In: Proc. of the IEEE Sym. on Sec. and Priv. (1998)

    Google Scholar 

  13. Hogger, C.J.: Essentials of Logic Programming, Clarendon Press (1990)

    Google Scholar 

  14. Jensen, K.: Coloured Petri Nets — Basic Concepts, Analysis Methods and Practical Use, Volume 1, EATCS Monographs on Theoretical Computer Science, Springer (1992)

    Google Scholar 

  15. Kindler, E. and van der Aalst, W.M.P.: Liveness, Fairness, and Recurrence in Petri Nets, Information Processing Letters (70), (1999) 269–274

    Google Scholar 

  16. Knorr, K. and Stormer, H.: Modeling and Analyzing Separation of Duties in Workflow Environments, in: Proc. of 16th IFIP/SEC, Paris, France (June 11—13 2001)

    Google Scholar 

  17. Knorr, K.: WWW Workflows Based on Petri Nets, in: Proc. of the 9th Intl. Conf. on Information Systems Development, Kristiansand, Norway (2000)

    Google Scholar 

  18. Lawrence, L. G.: The Role of Roles, Computers & Security, (12) (1993) 15–21

    Google Scholar 

  19. R. O’Keefe: The Craft of Prolog, MIT Press (1990)

    Google Scholar 

  20. C.A. Petri: Kommunikation mit Automaten, PhD Thesis, Universität Bonn (1962)

    Google Scholar 

  21. Proceedings of 5th ACM Workshop on Role-Based Access Control, Berlin (July 2000)

    Google Scholar 

  22. Reisig, W.: Petri Nets — An Introduction, Springer (1985)

    Google Scholar 

  23. Sandhu, R.: Separation of Duties in Computerized Information Systems. In: Proc. of the IFIP WG 11.3 Workshop on Database Security, Halifax, UK, Sep. 1990

    Google Scholar 

  24. Stormer, H., Knorr, K. and Eloff, J.: A Model for Security in Agent-based Workflows. INFORMATIK / INFORMATIQUE. 6 (Dec. 2000) 24–29

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Technology, University of Zurich, CH-8057, Zurich, Germany

    Konstantin Knorr & Harald Weidner

Authors
  1. Konstantin Knorr
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Harald Weidner
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), SPIIRAS, 39, 14th Liniya, St. Petersburg, Russia, 199178

    Vladimir I. Gorodetski

  2. Watson Schoolof Engineering, Binghamton University, Binghamton, NY, 13902, USA

    Victor A. Skormin

  3. Air Force Research Laboratory, Defensive Information Warfare Branch, 525 Brooks Road, Rome, NY, 13441-4505, Italy

    Leonard J. Popyack

Rights and permissions

Reprints and permissions

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Knorr, K., Weidner, H. (2001). Analyzing Separation of Duties in Petri Net Workflows. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds) Information Assurance in Computer Networks. MMM-ACNS 2001. Lecture Notes in Computer Science, vol 2052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45116-1_13

Download citation

  • DOI: https://doi.org/10.1007/3-540-45116-1_13

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42103-0

  • Online ISBN: 978-3-540-45116-7

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation