Beacon-Based Firing Control for Authorization Security in Workflows

Abstract

One of the noteworthy investigations in workflows is the implementation of authorization-related security requirements. There are two typical security requirements, i.e., separation of duty (SoD) and binding of duty (BoD). However, most of the previous works are only focused on SoD while ignoring BoD. In this article, we consider both of them by proposing an extended-structural implementation approach, namely beacon-based firing control, to enforce security requirements. Thanks to the flexibility of beacon-based firing control, both BoD and SoD can be enforced in a straightforward way with no sophisticated operations for their implementation, although they are a pair of security requirements in conflict. As a preparation of beacon-based firing control, we define the beacon-extended Petri nets (PNs) by introducing a new object, namely beacon, to PNs so as to lay the foundation. In addition, we present the firing-based linear equations and inequalities for BoD and SoD to provide the standardized descriptions for their implementation. For the sake of expansibility, the applicability analysis is provided for the more general security requirements. Ultimately, the comparative experiments and discussions are presented to show the effiectiveness and efficiency of the proposed approach.