Abstract
With the rise of global networks like the Internet, the importance of workflow systems is growing. However, security questions in such environments often address only secure communication. Another important topic that is often ignored is the separation of duties to prevent fraud within an organization. This paper introduces a model for separation of duties in workflows that have been specified with Petri nets. Rules will be given as facts of a logic program and expressed in propositional logic. The program allows for simulating and analyzing workflows and their security rules during build time.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Knorr, K., Weidner, H. (2001). Analyzing Separation of Duties in Petri Net Workflows. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds) Information Assurance in Computer Networks. MMM-ACNS 2001. Lecture Notes in Computer Science, vol 2052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45116-1_13
DOI: https://doi.org/10.1007/3-540-45116-1_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42103-0
Online ISBN: 978-3-540-45116-7
eBook Packages: Springer Book Archive