Abstract
This paper makes three contributions to the area of multilevel secure (MLS) workflow management systems (WFMS). First, it proposes a multilevel secure workflow transaction model. This model identifies the task dependencies in a workflow that cannot be enforced in order to meet multilevel security constraints. Second, it shows how Petri nets, a mathematical as well as a graphical tool, can be used to represent various types of task dependencies. Third, it extends the original Petri net (PN) model by proposing a Secure Petri Net (SPN) that can automatically detect and prevent all the task dependencies that violate security. This paper then presents algorithms to construct and execute MLS workflow transactions.
Chapter PDF
Similar content being viewed by others
References
Bell, D. & LaPadula, L. (1976), Secure computer systems: Unified exposition and multics interpretation., Technical Report MTR-2997, The Mitre Corporation, Bedford, MA.
Biliris, A., Dar, S., Gehani, N., Jagadish, H. & Ramamritham, K. (1994), ASSET: a system for supporting extended transactions, in ‘Proc. ACM SIGMOD Int’l. Conf. on Management of Data’, Minneapolis, MN, pp. 44–54.
Blaustein, B. T., Jajodia, S., McCollum, C. D. & Notargiacomo, L. (1993), A model of atomicity for multilevel transactions, in ‘Proc. IEEE Symposium on Security and Privacy’, Oakland, California, pp. 120–134.
Chrysanthis, P. (1991), ACTA, A framework for modeling and reasoning about extended transactions, PhD thesis, Department of Computer and Information Science, University of Massachusetts, Amherst.
Denning, D. E. (1982), Cryptography and Data Security, Addison-Wesley, Reading, MA.
Elmagarmid, A. K. (1992), Database Transaction Models for Advanced Applications, Morgan Kaufmann, San Mateo. California.
Elmagarmid, A. K., Leu, Y., Litwin, W. & Rusinkiewicz, M. (1990), A Multidatabase Transaction Model for InterBase, in ‘Proc. 16th Int’l. Conf. on Very Large Data Bases’, Briabane, Australia, pp. 507–518.
Georgakopoulos, D., Hornick, M. & Sheth, A. (1995), ‘An Overview of Workflow Management: From Process Modeling to Workflow Automation Infrastructure’, Distributed and Parallel Databases pp. 119–153.
Georgakopoulos, D. et al. (1993), ‘An Extended Transaction Environment for Workflows in Distributed Object Computing’, Bulletin of IEEE Technical Committee on Data Engineering 16 (2), 24–27.
Kosaraju, S. R. (1982), Decidability and reachability in vector addition systems, in ‘Proc. of the 14th ACM Symposium on Theory of Computing’, pp. 267–281.
Murata, T. (1989), ‘Petri nets: Properties, analysis and applications’, Proceedings of the IEEE 77 (4), 541–580.
Peterson, J. L. (1981), Petri net theory and modeling of Systems, Prentice-Hall, Englewood Cliffs, NJ.
Rusinkiewicz, M. & Sheth, A. (1994), Specification and Execution of Transactional Workflows, in W. Kim, ed., ‘Modern Database Systems: The Object Model, Interoperability, and Beyond’, Addison-Wesley.
Sheth, A., Rusinkiewicz, M. & Karabatis, G. (1993), ‘Using Polytransactions to Manage Interdependent Data’, Bulletin of IEEE Technical Committee on Data Engineering 16 (2), 37–40.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1997 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Atluri, V., Huang, WK. (1997). An Extended Petri Net Model for Supporting Workflows in a Multilevel Secure Environment. In: Samarati, P., Sandhu, R.S. (eds) Database Security. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35167-4_15
Download citation
DOI: https://doi.org/10.1007/978-0-387-35167-4_15
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2900-8
Online ISBN: 978-0-387-35167-4
eBook Packages: Springer Book Archive