A Petri net based safety analysis of workflow authorization models 1

Workflow Management Systems (WFMS) are being widely used today by organizations to coordinate the execution of various applications representing their day-to-day tasks. To ensure that these tasks are executed by authorized users or processes (subjects), and to make sure that authorized subjects gain access on the required objects only during the execution of the specific task, granting and revoking of privileges need to be synchronized with the progression of the workflow through proper authorization mechanisms. Recently, Atluri and Huang have proposed a workflow authorization model (WAM) that provides such synchronization. This paper, first extends WAM to support roles and authorization constraints such as separation of duties. Second, it develops methodologies to analyze the safety of workflow authorization model when authorization constraints are imposed. The analysis is carried out by modeling WAM as a suitable Petri net (PN) and by utilizing the well-established analysis techniques of PNs.