Using colored Petri nets to model and analyze workflow with separation of duty constraints View Full Text


Ontology type: schema:ScholarlyArticle     


Article Info

DATE

2007-12-18

AUTHORS

Yahui Lu, Li Zhang, Jiaguang Sun

ABSTRACT

Workflow provides a promising solution for organizations to achieve their business goals by interactions and collaborations between users. Separation of duty (SoD) is a security principle to prevent fraud and errors in collaborative workflow environments. It is crucial to verify and ensure the correctness and consistence of workflow with SoD constraints during the design time. In this paper, we propose a method to model and analyze workflow with SoD constraints based on colored Petri nets (CPN). The control flow, authorization rules and SoD constraints in a workflow are all represented by CPN and combined into one integrated CPN model. Then the execution paths of this model can be derived by reachability tree analysis. By analyzing these execution paths, some latent deadlocks caused by the inconsistency between authorization rules and SoD constraints can be detected. More... »

PAGES

179-192

References to SciGraph publications

  • 2004-04-07. Petri net-based workflow modelling and analysis of the integrated manufacturing business processes in THE INTERNATIONAL JOURNAL OF ADVANCED MANUFACTURING TECHNOLOGY
  • 2001-05-08. Analyzing Separation of Duties in Petri Net Workflows in INFORMATION ASSURANCE IN COMPUTER NETWORKS
  • 1992. Coloured Petri Nets, Basic Concepts, Analysis Methods and Practical Use Volume 1 in NONE
  • 1998-03. Modeling and Analysis of Workflows Using Petri Nets in JOURNAL OF INTELLIGENT INFORMATION SYSTEMS
  • 1996. An authorization model for workflows in COMPUTER SECURITY — ESORICS 96
  • 2002-01. Authorization and Access Control of Application Data in Workflow Systems in JOURNAL OF INTELLIGENT INFORMATION SYSTEMS
  • 2003-07-03. Supply chain workflow modelling using XML-formatted modular petri nets in THE INTERNATIONAL JOURNAL OF ADVANCED MANUFACTURING TECHNOLOGY
  • 1998. Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management in DATABASE SECURITY XI
  • 2004-09-23. Petri net-based workflow modeling for a die and mould manufacturing resource planning system in THE INTERNATIONAL JOURNAL OF ADVANCED MANUFACTURING TECHNOLOGY
  • Identifiers

    URI

    http://scigraph.springernature.com/pub.10.1007/s00170-007-1316-1

    DOI

    http://dx.doi.org/10.1007/s00170-007-1316-1

    DIMENSIONS

    https://app.dimensions.ai/details/publication/pub.1032974272


    Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
    Incoming Citations Browse incoming citations for this publication using opencitations.net

    JSON-LD is the canonical representation for SciGraph data.

    TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT

    [
      {
        "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
        "about": [
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Information and Computing Sciences", 
            "type": "DefinedTerm"
          }, 
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0806", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Information Systems", 
            "type": "DefinedTerm"
          }
        ], 
        "author": [
          {
            "affiliation": {
              "alternateName": "Department of Computer Science and Technology, Tsinghua University, 100084, Beijing, People\u2019s Republic of China", 
              "id": "http://www.grid.ac/institutes/grid.12527.33", 
              "name": [
                "Key Laboratory for Information System Security, Ministry of Education China, School of Software, Tsinghua University, 100084, Beijing, People\u2019s Republic of China", 
                "Department of Computer Science and Technology, Tsinghua University, 100084, Beijing, People\u2019s Republic of China"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Lu", 
            "givenName": "Yahui", 
            "id": "sg:person.011616200146.46", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011616200146.46"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "Key Laboratory for Information System Security, Ministry of Education China, School of Software, Tsinghua University, 100084, Beijing, People\u2019s Republic of China", 
              "id": "http://www.grid.ac/institutes/grid.419897.a", 
              "name": [
                "Key Laboratory for Information System Security, Ministry of Education China, School of Software, Tsinghua University, 100084, Beijing, People\u2019s Republic of China"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Zhang", 
            "givenName": "Li", 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "Department of Computer Science and Technology, Tsinghua University, 100084, Beijing, People\u2019s Republic of China", 
              "id": "http://www.grid.ac/institutes/grid.12527.33", 
              "name": [
                "Key Laboratory for Information System Security, Ministry of Education China, School of Software, Tsinghua University, 100084, Beijing, People\u2019s Republic of China", 
                "Department of Computer Science and Technology, Tsinghua University, 100084, Beijing, People\u2019s Republic of China"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Sun", 
            "givenName": "Jiaguang", 
            "id": "sg:person.011411464635.59", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011411464635.59"
            ], 
            "type": "Person"
          }
        ], 
        "citation": [
          {
            "id": "sg:pub.10.1007/978-0-387-35285-5_10", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1047326663", 
              "https://doi.org/10.1007/978-0-387-35285-5_10"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-45116-1_13", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1008362803", 
              "https://doi.org/10.1007/3-540-45116-1_13"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1023/a:1012972608697", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1006471617", 
              "https://doi.org/10.1023/a:1012972608697"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-662-06289-0", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1030319245", 
              "https://doi.org/10.1007/978-3-662-06289-0"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1023/a:1008656726700", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1028977478", 
              "https://doi.org/10.1023/a:1008656726700"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/s00170-004-2089-4", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1038894564", 
              "https://doi.org/10.1007/s00170-004-2089-4"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/s00170-003-1994-2", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1044861715", 
              "https://doi.org/10.1007/s00170-003-1994-2"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/s00170-003-1561-x", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1045923533", 
              "https://doi.org/10.1007/s00170-003-1561-x"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-61770-1_27", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1046497257", 
              "https://doi.org/10.1007/3-540-61770-1_27"
            ], 
            "type": "CreativeWork"
          }
        ], 
        "datePublished": "2007-12-18", 
        "datePublishedReg": "2007-12-18", 
        "description": "Workflow provides a promising solution for organizations to achieve their business goals by interactions and collaborations between users. Separation of duty (SoD) is a security principle to prevent fraud and errors in collaborative workflow environments. It is crucial to verify and ensure the correctness and consistence of workflow with SoD constraints during the design time. In this paper, we propose a method to model and analyze workflow with SoD constraints based on colored Petri nets (CPN). The control flow, authorization rules and SoD constraints in a workflow are all represented by CPN and combined into one integrated CPN model. Then the execution paths of this model can be derived by reachability tree analysis. By analyzing these execution paths, some latent deadlocks caused by the inconsistency between authorization rules and SoD constraints can be detected.", 
        "genre": "article", 
        "id": "sg:pub.10.1007/s00170-007-1316-1", 
        "inLanguage": "en", 
        "isAccessibleForFree": false, 
        "isPartOf": [
          {
            "id": "sg:journal.1043671", 
            "issn": [
              "0268-3768", 
              "1433-3015"
            ], 
            "name": "The International Journal of Advanced Manufacturing Technology", 
            "publisher": "Springer Nature", 
            "type": "Periodical"
          }, 
          {
            "issueNumber": "1-2", 
            "type": "PublicationIssue"
          }, 
          {
            "type": "PublicationVolume", 
            "volumeNumber": "40"
          }
        ], 
        "keywords": [
          "Colored Petri Nets", 
          "SoD constraints", 
          "authorization rules", 
          "execution paths", 
          "Petri nets", 
          "separation of duties", 
          "reachability tree analysis", 
          "workflow environment", 
          "security principles", 
          "duty constraints", 
          "control flow", 
          "CPN model", 
          "design time", 
          "business goals", 
          "workflow", 
          "promising solution", 
          "constraints", 
          "nets", 
          "users", 
          "rules", 
          "deadlock", 
          "correctness", 
          "path", 
          "fraud", 
          "tree analysis", 
          "environment", 
          "collaboration", 
          "error", 
          "model", 
          "goal", 
          "inconsistencies", 
          "solution", 
          "consistence", 
          "method", 
          "organization", 
          "principles", 
          "time", 
          "analysis", 
          "interaction", 
          "flow", 
          "duty", 
          "separation", 
          "paper", 
          "collaborative workflow environments", 
          "consistence of workflow", 
          "latent deadlocks"
        ], 
        "name": "Using colored Petri nets to model and analyze workflow with separation of duty constraints", 
        "pagination": "179-192", 
        "productId": [
          {
            "name": "dimensions_id", 
            "type": "PropertyValue", 
            "value": [
              "pub.1032974272"
            ]
          }, 
          {
            "name": "doi", 
            "type": "PropertyValue", 
            "value": [
              "10.1007/s00170-007-1316-1"
            ]
          }
        ], 
        "sameAs": [
          "https://doi.org/10.1007/s00170-007-1316-1", 
          "https://app.dimensions.ai/details/publication/pub.1032974272"
        ], 
        "sdDataset": "articles", 
        "sdDatePublished": "2022-01-01T18:16", 
        "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
        "sdPublisher": {
          "name": "Springer Nature - SN SciGraph project", 
          "type": "Organization"
        }, 
        "sdSource": "s3://com-springernature-scigraph/baseset/20220101/entities/gbq_results/article/article_435.jsonl", 
        "type": "ScholarlyArticle", 
        "url": "https://doi.org/10.1007/s00170-007-1316-1"
      }
    ]
     

    Download the RDF metadata as:  json-ld nt turtle xml License info

    HOW TO GET THIS DATA PROGRAMMATICALLY:

    JSON-LD is a popular format for linked data which is fully compatible with JSON.

    curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/s00170-007-1316-1'

    N-Triples is a line-based linked data format ideal for batch operations.

    curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/s00170-007-1316-1'

    Turtle is a human-readable linked data format.

    curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/s00170-007-1316-1'

    RDF/XML is a standard XML format for linked data.

    curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/s00170-007-1316-1'


     

    This table displays all metadata directly associated to this object as RDF triples.

    157 TRIPLES      22 PREDICATES      80 URIs      63 LITERALS      6 BLANK NODES

    Subject Predicate Object
    1 sg:pub.10.1007/s00170-007-1316-1 schema:about anzsrc-for:08
    2 anzsrc-for:0806
    3 schema:author Ncae511520c1341c8b12696e1c6cb9bab
    4 schema:citation sg:pub.10.1007/3-540-45116-1_13
    5 sg:pub.10.1007/3-540-61770-1_27
    6 sg:pub.10.1007/978-0-387-35285-5_10
    7 sg:pub.10.1007/978-3-662-06289-0
    8 sg:pub.10.1007/s00170-003-1561-x
    9 sg:pub.10.1007/s00170-003-1994-2
    10 sg:pub.10.1007/s00170-004-2089-4
    11 sg:pub.10.1023/a:1008656726700
    12 sg:pub.10.1023/a:1012972608697
    13 schema:datePublished 2007-12-18
    14 schema:datePublishedReg 2007-12-18
    15 schema:description Workflow provides a promising solution for organizations to achieve their business goals by interactions and collaborations between users. Separation of duty (SoD) is a security principle to prevent fraud and errors in collaborative workflow environments. It is crucial to verify and ensure the correctness and consistence of workflow with SoD constraints during the design time. In this paper, we propose a method to model and analyze workflow with SoD constraints based on colored Petri nets (CPN). The control flow, authorization rules and SoD constraints in a workflow are all represented by CPN and combined into one integrated CPN model. Then the execution paths of this model can be derived by reachability tree analysis. By analyzing these execution paths, some latent deadlocks caused by the inconsistency between authorization rules and SoD constraints can be detected.
    16 schema:genre article
    17 schema:inLanguage en
    18 schema:isAccessibleForFree false
    19 schema:isPartOf Nb36b051c5f6745e0905501795986a5b6
    20 Ne0da2249638c4c2698662e4ee3ef11ef
    21 sg:journal.1043671
    22 schema:keywords CPN model
    23 Colored Petri Nets
    24 Petri nets
    25 SoD constraints
    26 analysis
    27 authorization rules
    28 business goals
    29 collaboration
    30 collaborative workflow environments
    31 consistence
    32 consistence of workflow
    33 constraints
    34 control flow
    35 correctness
    36 deadlock
    37 design time
    38 duty
    39 duty constraints
    40 environment
    41 error
    42 execution paths
    43 flow
    44 fraud
    45 goal
    46 inconsistencies
    47 interaction
    48 latent deadlocks
    49 method
    50 model
    51 nets
    52 organization
    53 paper
    54 path
    55 principles
    56 promising solution
    57 reachability tree analysis
    58 rules
    59 security principles
    60 separation
    61 separation of duties
    62 solution
    63 time
    64 tree analysis
    65 users
    66 workflow
    67 workflow environment
    68 schema:name Using colored Petri nets to model and analyze workflow with separation of duty constraints
    69 schema:pagination 179-192
    70 schema:productId N59150334266845d6b4f557fcc08fff61
    71 N6cf083737da34042831855200f7f6be0
    72 schema:sameAs https://app.dimensions.ai/details/publication/pub.1032974272
    73 https://doi.org/10.1007/s00170-007-1316-1
    74 schema:sdDatePublished 2022-01-01T18:16
    75 schema:sdLicense https://scigraph.springernature.com/explorer/license/
    76 schema:sdPublisher Nb78467dd7ee44fdcbfaf939820f4b39a
    77 schema:url https://doi.org/10.1007/s00170-007-1316-1
    78 sgo:license sg:explorer/license/
    79 sgo:sdDataset articles
    80 rdf:type schema:ScholarlyArticle
    81 N59150334266845d6b4f557fcc08fff61 schema:name dimensions_id
    82 schema:value pub.1032974272
    83 rdf:type schema:PropertyValue
    84 N6cf083737da34042831855200f7f6be0 schema:name doi
    85 schema:value 10.1007/s00170-007-1316-1
    86 rdf:type schema:PropertyValue
    87 Nb36b051c5f6745e0905501795986a5b6 schema:issueNumber 1-2
    88 rdf:type schema:PublicationIssue
    89 Nb78467dd7ee44fdcbfaf939820f4b39a schema:name Springer Nature - SN SciGraph project
    90 rdf:type schema:Organization
    91 Ncae511520c1341c8b12696e1c6cb9bab rdf:first sg:person.011616200146.46
    92 rdf:rest Nd41228c4d04b464e87fe8c5d689aaca5
    93 Nd41228c4d04b464e87fe8c5d689aaca5 rdf:first Ne7d107013aa64b5b912fa957a496886d
    94 rdf:rest Ndd2839cb5c6d401a9f1598450c0091dd
    95 Ndd2839cb5c6d401a9f1598450c0091dd rdf:first sg:person.011411464635.59
    96 rdf:rest rdf:nil
    97 Ne0da2249638c4c2698662e4ee3ef11ef schema:volumeNumber 40
    98 rdf:type schema:PublicationVolume
    99 Ne7d107013aa64b5b912fa957a496886d schema:affiliation grid-institutes:grid.419897.a
    100 schema:familyName Zhang
    101 schema:givenName Li
    102 rdf:type schema:Person
    103 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
    104 schema:name Information and Computing Sciences
    105 rdf:type schema:DefinedTerm
    106 anzsrc-for:0806 schema:inDefinedTermSet anzsrc-for:
    107 schema:name Information Systems
    108 rdf:type schema:DefinedTerm
    109 sg:journal.1043671 schema:issn 0268-3768
    110 1433-3015
    111 schema:name The International Journal of Advanced Manufacturing Technology
    112 schema:publisher Springer Nature
    113 rdf:type schema:Periodical
    114 sg:person.011411464635.59 schema:affiliation grid-institutes:grid.12527.33
    115 schema:familyName Sun
    116 schema:givenName Jiaguang
    117 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011411464635.59
    118 rdf:type schema:Person
    119 sg:person.011616200146.46 schema:affiliation grid-institutes:grid.12527.33
    120 schema:familyName Lu
    121 schema:givenName Yahui
    122 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011616200146.46
    123 rdf:type schema:Person
    124 sg:pub.10.1007/3-540-45116-1_13 schema:sameAs https://app.dimensions.ai/details/publication/pub.1008362803
    125 https://doi.org/10.1007/3-540-45116-1_13
    126 rdf:type schema:CreativeWork
    127 sg:pub.10.1007/3-540-61770-1_27 schema:sameAs https://app.dimensions.ai/details/publication/pub.1046497257
    128 https://doi.org/10.1007/3-540-61770-1_27
    129 rdf:type schema:CreativeWork
    130 sg:pub.10.1007/978-0-387-35285-5_10 schema:sameAs https://app.dimensions.ai/details/publication/pub.1047326663
    131 https://doi.org/10.1007/978-0-387-35285-5_10
    132 rdf:type schema:CreativeWork
    133 sg:pub.10.1007/978-3-662-06289-0 schema:sameAs https://app.dimensions.ai/details/publication/pub.1030319245
    134 https://doi.org/10.1007/978-3-662-06289-0
    135 rdf:type schema:CreativeWork
    136 sg:pub.10.1007/s00170-003-1561-x schema:sameAs https://app.dimensions.ai/details/publication/pub.1045923533
    137 https://doi.org/10.1007/s00170-003-1561-x
    138 rdf:type schema:CreativeWork
    139 sg:pub.10.1007/s00170-003-1994-2 schema:sameAs https://app.dimensions.ai/details/publication/pub.1044861715
    140 https://doi.org/10.1007/s00170-003-1994-2
    141 rdf:type schema:CreativeWork
    142 sg:pub.10.1007/s00170-004-2089-4 schema:sameAs https://app.dimensions.ai/details/publication/pub.1038894564
    143 https://doi.org/10.1007/s00170-004-2089-4
    144 rdf:type schema:CreativeWork
    145 sg:pub.10.1023/a:1008656726700 schema:sameAs https://app.dimensions.ai/details/publication/pub.1028977478
    146 https://doi.org/10.1023/a:1008656726700
    147 rdf:type schema:CreativeWork
    148 sg:pub.10.1023/a:1012972608697 schema:sameAs https://app.dimensions.ai/details/publication/pub.1006471617
    149 https://doi.org/10.1023/a:1012972608697
    150 rdf:type schema:CreativeWork
    151 grid-institutes:grid.12527.33 schema:alternateName Department of Computer Science and Technology, Tsinghua University, 100084, Beijing, People’s Republic of China
    152 schema:name Department of Computer Science and Technology, Tsinghua University, 100084, Beijing, People’s Republic of China
    153 Key Laboratory for Information System Security, Ministry of Education China, School of Software, Tsinghua University, 100084, Beijing, People’s Republic of China
    154 rdf:type schema:Organization
    155 grid-institutes:grid.419897.a schema:alternateName Key Laboratory for Information System Security, Ministry of Education China, School of Software, Tsinghua University, 100084, Beijing, People’s Republic of China
    156 schema:name Key Laboratory for Information System Security, Ministry of Education China, School of Software, Tsinghua University, 100084, Beijing, People’s Republic of China
    157 rdf:type schema:Organization
     




    Preview window. Press ESC to close (or click here)


    ...