Analyzing Separation of Duties in Petri Net Workflows

With the rise of global networks like the Internet the importance of workflow systems is growing. However, security questions in such environments often only address secure communication. Another important topic that is often ignored is the separation of duties to prevent fraud within an organization. This paper introduces a model for separation of duties in workflows that have been specified with Petri nets. Rules will be given as facts of a logic program and expressed in propositional logic. The program allows for simulating and analyzing workflows and their security rules during build time.

[1]  Gail-Joon Ahn,et al.  The RSL99 language for role-based separation of duty constraints , 1999, RBAC '99.

[2]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[3]  Wolfgang Reisig Petri Nets: An Introduction , 1985, EATCS Monographs on Theoretical Computer Science.

[4]  Elisa Bertino,et al.  The specification and enforcement of authorization constraints in workflow management systems , 1999, TSEC.

[5]  Kurt Jensen,et al.  Coloured Petri nets (2nd ed.): basic concepts, analysis methods and practical use: volume 1 , 1996 .

[6]  H. Van Dyke Parunak,et al.  The Role of Roles , 2003, J. Object Technol..

[7]  Christoph Bussler,et al.  Policy resolution for workflow management systems , 1994, Proceedings of the Twenty-Eighth Annual Hawaii International Conference on System Sciences.

[8]  ShethAmit,et al.  An overview of workflow management , 1995 .

[9]  Konstantin Knorr,et al.  WWW Workflows Based on Petri Nets , 2001 .

[10]  Andrzej Cichocki,et al.  Workflow and Process Automation: Concepts and Technology , 1997 .

[11]  Henrik Stormer,et al.  Modeling and Analyzing Separation of Duties in Workflow Environments , 2001, SEC.

[12]  Ekkart Kindler,et al.  Liveness, Fairness, and Recurrence in Petri Nets , 1999, Inf. Process. Lett..

[13]  Christopher John Hogger,et al.  Essentials of logic programming , 1990 .

[14]  Andrzej Cichocki,et al.  Workflow and Process Automation , 1998 .

[15]  Wil M. P. van der Aalst,et al.  Verification of Workflow Nets , 1997, ICATPN.

[16]  David F. Ferraiolo,et al.  On the formal definition of separation-of-duty policies and their composition , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[17]  Ravi S. Sandhu,et al.  Separation of Duties in Computerized Information Systems , 1990, DBSec.

[18]  Richard A. O'Keefe,et al.  The Craft of Prolog , 1990 .

[19]  C. Petri Kommunikation mit Automaten , 1962 .

[20]  R. Power CSI/FBI computer crime and security survey , 2001 .

[21]  Kurt Jensen,et al.  Coloured Petri Nets , 1997, Monographs in Theoretical Computer Science An EATCS Series.

[22]  Jan H. P. Eloff,et al.  A Model for Security in Agent-based Workflows , 2000 .