In: Journal of Network and Systems Management, Vol. 12, No. 4, pages 507-535. 2004.
Abstract: The administration of authorizations in an organization is a complex task. To ensure that tasks constituting the business processes are performed by authorized users, a proper authorization mechanism is required. Alturi and Huang have proposed a workflow authorization model and presented a color-timed Petri net based representation of their model. In this paper, we extend their model by using the colored Petri net formalism to model authorization management, security constraints like separation of duties, and role hierarchy in an elegant way to establish an integrated authorization management model. One of the great advantages of using Petri net formalism for system modeling is its strong mathematical foundation and the availability of a rich set of analysis techniques. Therefore, we will show in this paper the use of linear algebraic technique to analyze the reachable authorization states, and coverability graph to calculate the valid execution chains against the colored Petri net based workflow authorization management model.
Keywords: Security constraint; separation of duties; colored Petri net; role hierarchy; reachable authorization states; valid execution chain.