Skip to main content
Springer Nature Link
Log in

IF-Net: A Meta-Model for Security-Oriented Process Specification

  • Conference paper
Security and Trust Management (STM 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8203))

Included in the following conference series:

  • 684 Accesses

Abstract

In this paper we propose a new Petri net-based meta-model for the specification of workflows. While existing approaches for workflow modeling typically address the consistency of process models, there is no de-facto standard for models which also comprise security-related aspects. Besides basic workflow properties such as executing subjects and transition guards, the proposed IF-Net approach allows net parts to be annotated with security levels in a way that information flow control mechanisms can be applied. By introducing distinguishable token types, IF-Net allows the modeling of both, the control- and data-flow of a workflow in an intuitive way. Altogether IF-Net allows the specification of workflows in a detailed way and provides a basis for the formal verification of security properties on these specifications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Accorsi, R., Lehmann, A.: Automatic Information Flow Analysis of Business Process Models. In: Barros, A., Gal, A., Kindler, E. (eds.) BPM 2012. LNCS, vol. 7481, pp. 172–187. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  2. Accorsi, R., Lowis, L., Sato, Y.: Automated certification for compliant cloud-based business processes. Business & Information Systems Engineering 3(3), 145–154 (2011)

    Article  Google Scholar 

  3. Adam, N., Atluri, V., Huang, W.: Modeling and analysis of workflows using petri nets. Journal of Intelligent Information Systems 10, 131–158 (1998)

    Article  Google Scholar 

  4. Atluri, V., Chun, S., Mazzoleni, P.: A Chinese Wall Security Model for Decentralized Workflow Systems. In: Computer and Communications Security, CCS 2001, pp. 48–57 (2001)

    Google Scholar 

  5. Biba, K.: Integrity considerations for secure computer systems. Technical report, MITRE Corporation (1977)

    Google Scholar 

  6. Brucker, A.D., Hang, I., Lückemeyer, G., Ruparel, R.: SecureBPMN: modeling and enforcing access control requirements in business processes. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, SACMAT 2012, pp. 123–126. ACM (2012)

    Google Scholar 

  7. Busi, N., Gorrieri, R.: Structural non-interference in elementary and trace nets. Mathematical Structures in Computer Science 19, 1065–1090 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  8. Denning, D.E., Denning, P.J.: Certification of Pograms for Secure Information Flow. Communications of the ACM 20, 504–513 (1977)

    Article  MATH  Google Scholar 

  9. Frau, S., Gorrieri, R., Ferigato, C.: Petri Net Security Checker: Structural Non-Interference at Work. In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol. 5491, pp. 210–225. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  10. Harmon, P., Wolf, C.: Business process trends. Technical report (2010), http://www.pbtrends.com

  11. Rakkay, H., Boucheneb, H.: Security analysis of role based access control models using colored petri nets and cPNtools. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds.) Transactions on Computational Science IV. LNCS, vol. 5430, pp. 149–176. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  12. ter Hofstede, A.H.M.: Yawl: Yet Another Workflow Language. Information Systems 30, 245–275 (2005)

    Article  Google Scholar 

  13. Jensen, K.: Coloured Petri Nets: Basic Concepts, Analysis Methods and Practical Use. EATCS Series, vol. 1. Springer (2003)

    Google Scholar 

  14. Jiang, Y., Lin, C., Yin, H., Tan, Z.: Security analysis of mandatory access control model. In: IEEE International Conference on Systems, Man and Cybernetics, pp. 5013–5018 (2004)

    Google Scholar 

  15. Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  16. Katt, B., Hafner, M., Zhang, X.: A usage control policy specification with petri nets. In: Collaborative Computing: Networking, Applications and Worksharing, pp. 1–8 (2009)

    Google Scholar 

  17. Knorr, K.: Multilevel Security and Information Flow in Petri Net Workflows. Technical report, Telecommunication Systems - Modeling and Analysis, Special Session on Security Aspects of Telecommunication Systems (2001)

    Google Scholar 

  18. Kwiatkowska, M., Norman, G., Parker, D.: PRISM 4.0: Verification of probabilistic real-time systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 585–591. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  19. Lohmann, N., Verbeek, E., Dijkman, R.: Petri net transformations for business processes – A survey. In: Jensen, K., van der Aalst, W.M.P. (eds.) Transactions on Petri Nets and Other Models of Concurrency II. LNCS, vol. 5460, pp. 46–63. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  20. Lowis, L., Accorsi, R.: Finding vulnerabilities in SOA-based business processes. IEEE Transactions on Service Computing 4(3), 230–242 (2011)

    Article  Google Scholar 

  21. Müller, G., Accorsi, R.: Why are business processes not secure? In: Festschrift for Prof. Johannes Buchmann. LNCS. Springer (to appear)

    Google Scholar 

  22. Murata, T.: Petri nets: Properties, analysis and applications. Proceedings of the IEEE 77, 541–580 (1989)

    Article  Google Scholar 

  23. Smith, H., Fingar, P.: Workflow is just a Pi-process (2004)

    Google Scholar 

  24. Trčka, N., van der Aalst, W.M.P., Sidorova, N.: Data-flow anti-patterns: Discovering data-flow errors in workflows. In: van Eck, P., Gordijn, J., Wieringa, R. (eds.) CAiSE 2009. LNCS, vol. 5565, pp. 425–439. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  25. van der Aalst, W.M.P.: The Application of Petri Nets to Workflow Management. Journal of Circuits, Systems, and Computers 8, 21–66 (1998), http://www.fairdene.com/picalculus/workflow-is-just-a-pi-process.pdf

  26. van der Aalst, W.M.P.: Workflow Verification: Finding Control-Flow Errors Using Petri-Net-Based Techniques. In: van der Aalst, W.M.P., Desel, J., Oberweis, A. (eds.) Business Process Management. LNCS, vol. 1806, pp. 161–183. Springer, Heidelberg (2000)

    Google Scholar 

  27. van der Aalst, W.M.P.: Why workflow is NOT just a Pi-process (2004)

    Google Scholar 

  28. van der Aalst, W.M.P.: Pi calculus versus petri nets: Let us eat ”humble pie” rather than further inflate the ”pi hype”. BPTrends 5, 1–11 (2005)

    Google Scholar 

  29. van der Aalst, W.M.P., ter Hofstede, A.H.M.: Workflow patterns: On the expressive power of (petri-net-based) workflow languages. In: Workshop on Practical Use of Coloured Petri Nets and the CPN Tools, pp. 1–20. Technical Report DAIMI PB-560 (2002), http://www.bptrends.com/publicationfiles/02-04%20ART%20WhyworkflowisNOTjustaPi%20-%20Aalst1.pdf

  30. van der Aalst, W.M.P., Weijters, T., Maruster, L.: Workflow Mining: Discovering Process Models from Event Logs. IEEE Trans. Knowl. Data Eng. 16, 1128–1142 (2004)

    Article  Google Scholar 

  31. von Stackelberg, S., Böhm, K., Bracht, M.: Embedding ‘break the glass’ into business process models. In: Meersman, R., Panetto, H., Dillon, T., Rinderle-Ma, S., Dadam, P., Zhou, X., Pearson, S., Ferscha, A., Bergamaschi, S., Cruz, I.F. (eds.) OTM 2012, Part I. LNCS, vol. 7565, pp. 455–464. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  32. Zhang, Z., Hong, F., Liao, J.: Modeling chinese wall policy using colored petri nets. In: Computer and Information Technology, CIT 2006, p. 162 (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Freiburg, Germany

    Thomas Stocker & Frank Böhr

Authors
  1. Thomas Stocker
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Frank Böhr
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Telematics, University of Freiburg, Friedrichstraße 50, 79098, Freiburg, Germany

    Rafael Accorsi

  2. Centre for Information Technology, Fondazione Bruno Kessler ( FBK), via Sommarive 18, 38123, Trento, Italy

    Silvio Ranise

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Stocker, T., Böhr, F. (2013). IF-Net: A Meta-Model for Security-Oriented Process Specification. In: Accorsi, R., Ranise, S. (eds) Security and Trust Management. STM 2013. Lecture Notes in Computer Science, vol 8203. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41098-7_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-41098-7_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41097-0

  • Online ISBN: 978-3-642-41098-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics