Unified Implementation and Simplification for Task-Based Authorization Security in Workflows

Authorization-related security requirements are of great significance in workflow management systems. Existing studies are restricted in their scopes of research. There is no unified principle for their implementation. In this paper, we focus on the unification of authorization-related security requirements using Petri nets (PNs). These security requirements are expressed by constraints, being imposed on tasks, namely task-based security requirements (TSRs). By downgrading TSRs to a kind of authorization-conflict relationship, we provide a standardized expression for TSRs. Such a standardized expression can be transformed to firing-based linear inequalities which are a more general representation of constraints. Then, we propose the firing control for the unified implementation of TSRs based on firing-based linear inequalities. In fact, firing control is enforced by structural controllers namely monitors which are structurally consistent with PNs. For the sake of conciseness, simplification techniques are provided for the monitors. Ultimately, the experiments and discussions are presented to show the performance and advantages of the proposed approach.