Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Properties of Plain, Pure, and Safe Petri Nets Read chapter Read first chapter

2017 | OriginalPaper | Chapter

Log- and Model-Based Techniques for Security-Sensitive Tackling of Obstructed Workflow Executions

Authors : Julius Holderer, Josep Carmona, Farbod Taymouri, Günter Müller

Published in: Transactions on Petri Nets and Other Models of Concurrency XII

Publisher: Springer Berlin Heidelberg

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

Imposing access control onto workflows considerably reduces the set of users authorized to execute the workflow tasks. Further constraints (e.g. Separation of Duties) as well as unexpected unavailability of users may finally obstruct the successful workflow execution. To still complete the execution of an obstructed workflow, we envisage a hybrid approach. We first flatten the workflow and its authorizations into a Petri net and analyse for or encode the obstruction with a corresponding “obstruction marking”. If a log is provided, we partition its traces into “successful” or “obstructed” by replaying the log on the flattened net. An obstruction should then be solved by finding its nearest match from the list of successful traces. If no log is provided, the structural theory of Petri nets shall be used to provide a minimized Parikh vector, that may violate given firing rules, but reach a complete marking and by that, complete the workflow.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter Similarity-Based Approaches for Determining the Number of Trace Clusters in Process Discovery
next chapter Formal Modelling and Analysis of Distributed Storage Systems
Footnotes
1
\(m_{live}\) can be computed from \(m_{obs}\) and \(\varDelta \).
 
3
We omit the cancellation transitions here for the sake of clarity.
 
Literature
1.
Accorsi, R.: Sicherheit im Prozessmanagement. digma Zeitschrift für Datenrecht und Informationssicherheit (2013)
2.
Basin, D.A., Burri, S.J., Karjoth, G.: Obstruction-free authorization enforcement: aligning security with business objectives. In: CSF, pp. 99–113. IEEE Computer Society (2011)
3.
Basin, D.A., Burri, S.J., Karjoth, G.: Optimal workflow-aware authorizations. In: Atluri, V., Vaidya, J., Kern, A., Kantarcioglu, M. (eds.) SACMAT, pp. 93–102. ACM (2012)
4.
Bishop, M.: Introduction to Computer Security. Addison-Wesley Professional, Reading (2004)
5.
Botha, R., Eloff, J.: Separation of duties for access control enforcement in workflow environments. IBM Syst. J. 40(3), 666–682 (2001)CrossRef
6.
Burri, S.J.: Modeling and enforcing workflow authorizations. Ph.D. thesis, ETH, Zürich (2012)
7.
Carmona, J., Colom, J.M., Cortadella, J., García-Vallés, F.: Synthesis of asynchronous controllers using integer linear programming. IEEE Trans. CAD Integr. Circuits Syst. 25(9), 1637–1651 (2006)
8.
Clark, N., Jolly, D.: Societe generale loses $7 billion in trading fraud (2008)
9.
Cover, T., Hart, P.: Nearest neighbor pattern classification. IEEE Trans. Inform. Theory 13(1), 21–27 (1967)CrossRefMATH
10.
Crampton, J., Gutin, G.: Constraint expressions and workflow satisfiability. In: Conti, M., Vaidya, J., Schaad, A. (eds.) SACMAT, pp. 73–84. ACM (2013)
11.
Crampton, J., Morisset, C.: An auto-delegation mechanism for access control systems. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS, vol. 6710, pp. 1–16. Springer, Heidelberg (2011). doi:10.​1007/​978-3-642-22444-7_​1 CrossRef
12.
Desel, J., Esparza, J.: Reachability in cyclic extended free-choice systems. TCS 114, Elsevier Science Publishers B.V. (1993)
13.
Dijkman, R.M., Dumas, M., Ouyang, C.: Semantics and analysis of business process models in BPMN. Inf. Softw. Technol. 50(12), 1281–1294 (2008)CrossRef
14.
Esparza, J., Melzer, S.: Verification of safety properties using integer programming: beyond the state equation. Formal Methods Syst. Des. 16, 159–189 (2000)CrossRef
15.
Inc. Gurobi Optimization. Gurobi optimizer reference manual (2016)
16.
Holderer, J., Accorsi, R., Müller, G.: When four-eyes become too much: a survey on the interplay of authorization constraints and workflow resilience. In: Wainwright, R.L., Corchado, J.M., Bechini, A., Hong, J. (eds.) Proceedings of the 30th Annual ACM Symposium on Applied Computing, Salamanca, Spain, 13–17 April 2015, pp. 1245–1248. ACM (2015)
17.
18.
Leitner, M., Rinderle-Ma, S.: A systematic review on security in process-aware information systems - constitution, challenges, and future directions. Inform. Softw. Technol. 56(3), 273–293 (2014)CrossRef
19.
Murata, T.: Petri nets: properties, analysis and applications. Proc. IEEE 77(4), 541–574 (1989)CrossRef
20.
Accorsi, R., Holderer, J., Stocker, T., Zahoransky, R.M.: Security workflow analysis toolkit. In: Katzenbeisser, S., Lotz, V., Weippl, E.R. (eds.) Sicherheit 2014: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 7. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 19–21 März 2014, Wien, Österreich, vol. 228. LNI, pp. 433–442. GI (2014)
21.
Rozinat, A., van der Aalst, W.M.P.: Conformance checking of processes based on monitoring real behavior. Inform. Syst. 33(1), 64–95 (2008)CrossRef
22.
Silva, M., Terue, E., Colom, J.M.: Linear algebraic and linear programming techniques for the analysis of place/transition net systems. In: Reisig, W., Rozenberg, G. (eds.) ACPN 1996. LNCS, vol. 1491, pp. 309–373. Springer, Heidelberg (1998). doi:10.​1007/​3-540-65306-6_​19 CrossRef
23.
Trope, R.L., Ressler, E.K.: Mettle fatigue: Vw’s single-point-of-failure ethics. IEEE Secur. Priv. 14(1), 12–30 (2016)CrossRef
24.
van der Aalst, W.M.P.: The application of Petri nets to workflow management. J. Circuits Syst. Comput. 8(1), 21–66 (1998)CrossRef
25.
van der Aalst, W.M.P.: Process Mining - Discovery Conformance and Enhancement of Business Processes. Springer, Berlin (2011)MATH
26.
Wang, Q., Li, N.: Satisfiability and resiliency in workflow authorization systems. ACM Trans. Inform. Syst. Secur. 13(4), 40:1–40:35 (2010)
27.
28.
Wolter, C., Menzel, M., Meinel, C.: Modelling security goals in business processes. In: Kühne, T., Reisig, W., Steimann, F. (eds.) Modellierung 2008, 12–14 März 2008, Berlin, vol. 127. LNI, pp. 197–212. GI (2008)
Metadata
Title
Log- and Model-Based Techniques for Security-Sensitive Tackling of Obstructed Workflow Executions
Authors
Julius Holderer
Josep Carmona
Farbod Taymouri
Günter Müller
Copyright Year
2017
Publisher
Springer Berlin Heidelberg
Book
Transactions on Petri Nets and Other Models of Concurrency XII

Print ISBN: 978-3-662-55861-4

Electronic ISBN: 978-3-662-55862-1

Copyright Year: 2017

DOI
https://doi.org/10.1007/978-3-662-55862-1_3

Premium Partner

    Image Credits